I'm just a bit surprised that "port_in_redirect off" does not also work. But that's ok -- I'm often surprised. There's a "if" in src/http/ngx_http_header_filter_module.c which changes port's value from 443 to 0 when on ssl + port initially 443 so https://adrhc.go.ro/ffp_0.7_armv5 would redirect to http when port_in_redirect is off.
"... but I don't know what is the set of conditions under which you would want this ssl-rewrite to happen, and how you would go about configuring that." I'm not sure I understand what you mean (my bad english); the entire setup is one allowing me to access my home server through the corporate firewall wile not breaking what I already have (my web sites): browser (ssl) -> sshttp:443 -> stunnel:1443 -> nginx:443:listen proxy_protocol:no ssl ssh client -> sshttp:443 -> ssh:22 -> ssh traffic detectable by firewall (I don't want that) ssh client -> stunnel in client mode:local-custom-port -> sshttp:443 -> stunnel:1443 -> ssh:22 -> firewall sees only ssl traffic (better) See https://adrhc.go.ro/wordpress/ssh-http-and-https-multiplexing/ for instructions on full setup. "It looks like nobody else has had that particular use case ..." This seems odd for me; I'm sure I'm not the only guy starving for open ports to internet (only 80 and 443 allowed) :D Posted at Nginx Forum: https://forum.nginx.org/read.php?2,269623,269748#msg-269748 _______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx