Nothing in the nginx config you posted is doing this. It’s almost
certainly your application that’s choosing to issue the redirect.
If I had to guess, I’d suggest that your app is redirecting you, a
non-logged-in user, to a login page, which it insists on serving over
HTTPS so your login creds can’t get sniffed.
You can verify that it’s the app that’s doing this by either
watching your app’s (not nginx’s) per-request logs and seeing a
301/302 get issued or
doing a “curl -v” against the URI you’re hitting in your browser,
and looking out for response headers that let you know it’s definitely
app responding, not nginx (for example “X-Powered-By:”, etc) or
doing a “curl -v” against the app directly, without involving
nginx, and seeing the 301/302 get issued.
Something like that, anyway; I hope you get the idea.
To stop this being a problem, you either need to
set up an SSL nginx server which informs the app that it’s a secure
connection or
lie to the app, and tell it that the HTTP connection is actually
secure
tell the app not to insist on an SSL login.
I’d suggest you do the first of these. The “X-Forwarded-Proto” header
may be your friend. Have a google.