Hi, thank you for the hints.
Starting from you suggestion I modified src/http/ngx_http_header_filter_module.c like this:
#if (NGX_HTTP_SSL)
if (c->ssl || port == 443) {
*b->last++ ='s';
}
#endif
and it works!
But works hand in hand with this nginx configuration (in order to keep original request's port: 443 for me):
port_in_redirect off;
and it's important for the initial request to come with 443 port. For me the flow is: request:443 go to sshttp:444 then stunnel:1443 and in the end to nginx (listen 127.0.0.1:1080 proxy_protocol).
This affects every server where the port is evaluated to 443 which is not perfect (in odd but possible situation 443 could be a non-ssl port or someone would want this for simply other ports too).
A perfect solution I think would be one where nginx would allow me to overwrite somehow the "c->ssl" above with a nginx-custom-variable, let's say $https_override (on = force c->ssl to evaluate to true; I guess "c->ssl" takes it's value from $https that's why $https_override ...).
------------------------
https://adrhc.go.ro