I have an Ubuntu 14.04 server and I have a meteor application that runs at localhost:3000 on this server. The public FQDN of my server is sub.example.com. The meteor application uses Google OAuth 2.0, I have the following configured in the Google API Console:

URI REDIRECTION  
http://sub.example.com/_oauth/google
http://sub.example.com/_oauth/google?close
 ORIGINES JAVASCRIPT 
http://sub.example.com

My Nginx config file looks like this:

server {
    listen 80 default_server;
    server_name sub.example.com www.sub.example.com;
    location / {
        proxy_set_header HOST $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        proxy_pass http://localhost:3000;
    }
}

The proxy works and I can access my meteor application when I go to sub.example.com. But when in this application I try to use Google OAuth 2.0, a pop up opens as it should and I get :

Error: redirect_uri_mismatch
The redirect URI in the request: http://localhost:3000/_oauth/google?close did not match a registered redirect URI.

I have played with the header in the nginx config file with no luck.

I'm obviously missing something.

You should rewrite the Location headers that your backend sends to Nginx described in http://wiki.nginx.org/HttpProxyModule#proxy_redirect, so:

proxy_redirect http://localhost:3000/_oauth/google http://sub.example.com/_oauth/google;

the other option, that would work for popup-style login as well is to set the ROOT_URL environment variable for Meteor at startup as follows:

ROOT_URL="http://sub.example.com" PORT=3000 node main.js