No one has an answer to my question, so I figured out a solution:
http://forum.nginx.org/read.php?2,226823,226849#msg-226849
I had to replace `$host` with `$http_host` to get my problem resolved...
But is this safe?
It seems like all `$http_host` is doing is to exposed the whole `HOST` from header.
The explination http://forum.nginx.org/read.php?2,213799 here is still not clear to me...
Someone has any idea why would `$http_host` be more dangerous?
Thanks.