Hi, thank you for the hints.
Starting from you suggestion I modified src/http/ngx_http_header_filter_module.c like this:

#if (NGX_HTTP_SSL)
if (c->ssl || port == 443) {
*b->last++ ='s';
}
#endif

and it works!

But works hand in hand with this nginx configuration (in order to keep original request's port: 443 for me):
port_in_redirect off;

and it's important for the initial request to come with 443 port. For me the flow is: request:443 go to sshttp:444 then stunnel:1443 and in the end to nginx (listen 127.0.0.1:1080 proxy_protocol).

This affects every server where the port is evaluated to 443 which is not perfect (in odd but possible situation 443 could be a non-ssl port or someone would want this for simply other ports too).

A perfect solution I think would be one where nginx would allow me to overwrite somehow the "c->ssl" above with a nginx-custom-variable, let's say $https_override (on = force c->ssl to evaluate to true; I guess "c->ssl" takes it's value from $https that's why $https_override ...).

------------------------
https://adrhc.go.ro