Nginx mapping with transparent port/proxy(?)

Wayne Werner asked:

I’m not entirely sure what it is I’m looking for here, so I’m not able to effectively search for my answer.

I’m using dehydrated for LetsEncrypt’s TLS-ALPN challenges. I’m hosting the service behind nginx by using

stream {
    map $ssl_preread_alpn_protocols $tls_port {
        ~\bacme-tls/1\b 10443;
        default 3443;
    }

    server {
        listen 443;
        listen [::]:443;
        proxy_pass 127.0.0.1:$tls_port;
        ssl_preread on;
    }
}

server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;
    return 301 https://$host$request_uri;
}

server {
    listen 3443 ssl;
    listen [::]:3443 ssl;

    server_name wanderingwerners.com www.wanderingwerners.com;

    ssl_certificate /path/to/my/fullchain.pem;
    ssl_certificate_key /path/to/my/privkey.pem;

    index index.html;
    root /var/www/wanderingwerners.com/;
}

This works pretty great – I can get new certs with zero downtime, and my website is accessible. However, when I access my page it works fine. When I hover over a link it shows me https://www.wanderingwerners.com/a-beginning/

Clicking on that link, though, takes me to https://www.wanderingwerners.com:3443/a-beginning/

This is undesirable – I’d prefer it show up as plain ol’ https://www.wanderingwerners.com/a-beginning/

I’m assuming that something I have setup here in nginx is what’s causing the confusion, but I’m not positive.

Is there a way that I can update my nginx config to still allow the dehydrated server to work, but also tell the browser that :3443 isn’t really what they should be connecting to? (Or at least, don’t show it in the address bar)

Update

When I do curl https://www.wanderingwerners.com/a-beginning it gives me a 301 redirect. Something is definitely happening with my nginx config here.

Another Update

When I do curl https://www.wanderingwernerx.com/a-beginning/ it works just fine so it looks like it’s doing something with the trailing /