ssl – nginx single location redirect to https SSL_ERROR_RX_RECORD_TOO_LONG

My nginx (1.14) configuration

server {
    listen 80 default_server;

    server_name _;

    location ~ /(download|upload) {
        proxy_pass http://download_upload;
    location / {
        #return         307 https://$host$request_uri;  
        #rewrite ^/(.*)$ https://$host$request_uri? redirect;   
        #rewrite ^(.*) https://$host$1 permanent;         
        return 302 https://$host$request_uri;

server {
    listen 443 ssl;

    ssl_certificate         /etc/letsencrypt/live/server.domain/fullchain.pem;
    ssl_certificate_key     /etc/letsencrypt/live/server.domain/privkey.pem;
    ssl_session_cache shared:SSL:20m;
    ssl_session_timeout 10m;
    ssl_prefer_server_ciphers       on;
    ssl_protocols                   TLSv1.2 TLSv1.3;
    ssl_ciphers                     ECDH+AESGCM:ECDH+CHACHA20:DH+AESGCM:ECDH+AESGCM:!aNULL:!MD5:!DSS:!AESCCM;

    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    add_header X-Frame-Options "SAMEORIGIN";
    proxy_cookie_path / "/; HTTPOnly; Secure";
    proxy_hide_header X-Powered-By;

    location / {
        limit_conn perip 30;
        proxy_pass http://gui;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

In browser private mode for first time i enter url: — it works how I want

then I go to

It redirect me to correct location with https — works how I want

Then if I try again get /upload on http, it always redirect me to https — not working


Browser say Error code: SSL_ERROR_RX_RECORD_TOO_LONG

Acess log - - (01/May/2021:02:56:51 +0200) "x16x03x01x02x00x01x00x01xFCx03x03xFB$x9FxA66xBExA0xDD|)=x9AxF1h4xFC@@J(RxE7x80wx00oxCEx13K#%xE8 Uyx18xBExF4xB2R/xABx08ExDFxD08lhxA8xE82ZxACx93x13x8Ax8AxF9xC7xDA%HmUx00$x13x01x13x03x13x02xC0+xC0/xCCxA9xCCxA8xC0,xC00xC0" 400 173 "-" "-"

Where is the problem and why?


remove: add_header Strict-Transport-Security “max-age=31536000; includeSubDomains” always;
rewrites, redirect 301, 302…