Some serverowners might be interested in understanding how to properly set up http_upload with their Prosody instance.
It's still a challenge for many admins so I want to try to enhance this situation today! :)

The following helps you to make this

>> https://domain.xyz:5280/upload/2d25f8f1b/cutekitten.jpg

to something like this

>> https://xmpp.domain.xyz/upload/2d25f8f1b/cutekitten.jpg
# (i think it makes sense to use a specific (sub-)domain for xmpp http stuff
# but it is your choice of course)
#
# In my specific case it looks like
# https://x.tchncs.de/upload/57dpkbdaSfzXOq6f/authoritah.jpg

First of all, make sure your mod_http_upload is loaded and uptodate. If it's too old, some clients may refuse to upload anything (looking at you, Conversations)
Second, you may want to check Prosody's http documentation as well. As referenced in the modules own documentation.

mod_http_upload relies on Prosodys HTTP server and mod_http for serving HTTP requests. See Prosodys HTTP server documentation for information about how to configure ports, HTTP Host names etc.

Prosody Configuration

-- tell Prosody globally to use this http url for all teh http things
http_external_url = "https://xmpp.domain.xyz/"

-- component specific configuration
Component "xmpp.domain.xyz" "http_upload"
http_host = "xmpp.domain.xyz"
http_external_url = "https://xmpp.domain.xyz/"
-- feel free to adjust this according to your needs as well btw
http_upload_path = "/var/lib/prosody/http_upload"
-- this is what i have configured as well, you may wanna ignore or modify it
-- (check the module's readme for further information)
http_upload_expire_after = 60 * 60 * 24 * 32
http_upload_file_size_limit = 20 * 1024 * 1024
http_upload_allowed_file_types = { "image/*", "text/plain", "application/pdf", "application/zip", "application/gzip" }

nginx Configuration

# /etc/nginx/sites-available/xmpp.mydomain.xyz
server {
   listen 80;
   server_name xmpp.mydomain.xyz;
   # this btw is useful to be able to run
   # certbot --webroot -w /tmp/le renew
   # or
   # certbot certonly --webroot -w /tmp/le -d xmpp.mydomain.xyz
   # without the need of putting nginx down or such, u still need to reload tho
   # not my idea, i reference the gist when found it
   location '/.well-known/acme-challenge' {
      default_type "text/plain";
      root /tmp/le;
   }
   location / {
      return 301 https://$server_name$request_uri;
   }
}
server {
   listen 443 ssl;
   listen [::]:443 ssl spdy;
   root /var/www/xmpp;
   server_name xmpp.mydomain.xyz;
   # actually this and root assumes you may have some greeter page laying around there
   index  index.html;
   # this assumes you have more tls settings in the nginx.conf - adjust it according to your needs
   ssl_certificate /etc/letsencrypt/live/mydomain.xyz/fullchain.pem;
   ssl_certificate_key /etc/letsencrypt/live/mydomain.xyz/privkey.pem;
   # this is still not global, as far is i remember nginx workers segfaulted
   # with this in the global config, at least there was something strange and
   # bad going on so i always do it like this
   add_header Strict-Transport-Security max-age=15768000;
   location /upload {
      proxy_pass http://127.0.0.1:5280;
      proxy_buffering off;
      proxy_set_header Host $host;
      # tbh you may not need the following,
      # i something just paste around lol
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "upgrade";
   }
}
# if you don't have it global already, you may want to add something like
# client_max_body_size 20m;
# to this file.

Have a great day and good luck!