What I am trying to do and my issues
Hello. I am setting up a node for the Cortex blockchain. I am running Ubuntu server 20.04 with the latest update/upgrade.
I am attempting to secure RPC and WS traffic through the node to prevent any potential theft.
I have been using curl to see if http is being forwarded to https.
curl -H "Host: cortex-coeus.asuscomm.com" -L https://cortex-coeus.asuscomm.com:8545 -v
I have tested using HTTP and HTTPS, with and without the 8545 port (I am only worrying about RPC right now and figure once I get RPC working, WS will follow suit). Here is the output from using the combinations of HTTP(S) and with/without port 8545: Pastebin - Console output
SSL certs were created by certbot.
Problem
Per my update below, this also now happens if using 'HTTP' instead of 'HTTPS' for the URL.
Output of: curl -H "Host: cortex-coeus.asuscomm.com" -L https://cortex-coeus.asuscomm.com:8545 -v
* Trying 10.1.1.120:8545...
* TCP_NODELAY set
* Connected to cortex-coeus.asuscomm.com (10.1.1.120) port 8545 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* error:1408F10B:SSL routines:ssl3_get_record:wrong version number
* Closing connection 0
curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number
Goal
I am only wanting to advertise an HTTPS URL, but if HTTP is used, forward to HTTPS with a specified port as part of the URL. The URL in question is:
https://cortex-coeus.asuscomm.com:8545
Node config
The node is configured to listen only on its private IP. It is listening on ports 18545 and 18546, for RPC and WS respectively.
nginx config
ssl_certificate_key /etc/letsencrypt/live/cortex-coeus.asuscomm.com/privkey.pem;
ssl_certificate /etc/letsencrypt/live/cortex-coeus.asuscomm.com/fullchain.pem;

upstream cortex {
    server 10.1.1.120:18545;
}

server {
    # real_ip_header proxy_protocol;
    # set_real_ip_from 10.1.1.120;
    listen 443 ssl http2;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_certificate_key /etc/letsencrypt/live/cortex-coeus.asuscomm.com/privkey.pem;
    ssl_certificate /etc/letsencrypt/live/cortex-coeus.asuscomm.com/fullchain.pem;
    server_name cortex-coeus cortex-coeus.asuscomm.com www.cortex-coeus.asuscomm.com;
    access_log /var/log/nginx/443_access.log;
    error_log /var/log/nginx/443_error.log info;

    location / {
        #Copied from stackoverflow
        #https://stackoverflow.com/questions/54491991/geth-websocket-over-nginx-reverse-proxy
        # add_header Access-Control-Allow-Origin "$http_origin";
        # add_header Access-Control-Allow-Headers "authorization, content-type";
        # add_header Access-Control-Allow-Methods "DELETE, GET, OPTIONS, POST, PUT, UPDATE";
        # to avoid double origin value what leads to an CORS error in the browser
        # proxy_hide_header Access-Control-Allow-Origin;
        #End of copy

        #ssl certs
        proxy_ssl_certificate /etc/letsencrypt/live/cortex-coeus.asuscomm.com/fullchain.pem;
        proxy_ssl_certificate_key /etc/letsencrypt/live/cortex-coeus.asuscomm.com/privkey.pem;

        #These were all common header settings i found for reverse proxy setup
        #not sure if i should be using $http_host or $host
        proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        proxy_ssl_server_name on;
        proxy_set_header Host $http_host;
        # proxy_set_header X-Forwarded-For $proxy_protocol_addr;
        # proxy_set_header X-Real-IP $proxy_protocol_addr;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-Host $http_host;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_http_version 1.1;
        proxy_pass http://cortex;
        # proxy_redirect http://$http_host:8545 https://$http_host:8545;
    }
}

server {
    listen 80;
    # set_real_ip_from 10.1.1.120;
    # server_name _;
    server_name cortex-coeus cortex-coeus.asuscomm.com www.cortex-coeus.asuscomm.com;
    return 301 https://$http_host;
    access_log /var/log/nginx/80_access.log;
    error_log /var/log/nginx/80_error.log info;
    # ssl_certificate_key /etc/letsencrypt/live/cortex-coeus.asuscomm.com/privkey.pem;
    # ssl_certificate /etc/letsencrypt/live/cortex-coeus.asuscomm.com/fullchain.pem;
}

server {
    listen 8545;
    # set_real_ip_from 10.1.1.120;
    # server_name _;
    server_name cortex-coeus cortex-coeus.asuscomm.com www.cortex-coeus.asuscomm.com;
    return 301 https://$http_host:8545;
    access_log /var/log/nginx/8545_access.log;
    error_log /var/log/nginx/8545_error.log info;
    # ssl_certificate_key /etc/letsencrypt/live/cortex-coeus.asuscomm.com/privkey.pem;
    # ssl_certificate /etc/letsencrypt/live/cortex-coeus.asuscomm.com/fullchain.pem;
}
UPDATE: Noticed that $http_host didn't carry port 8545 with it when requesting the HTTP URL with the port via curl. I had been reading up on the nginx site and thought that $http_host would carry the port with it. Maybe I need to update my proxy header forwards that just have $http_host?
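A configuration that meets the stated goal, added here as an example and not part of the original question: it assumes the same hostname, certificate paths and upstream node address shown above. The block that fails in the question is the one listening on 8545 without "ssl", so curl's TLS ClientHello is answered with plaintext and reported as "wrong version number".

```nginx
# Added example (not the asker's config); goes in the http{} context.
# Assumes the same hostname, cert paths and upstream as the question.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

upstream cortex {
    server 10.1.1.120:18545;
}

# Plain HTTP on 80: redirect to the HTTPS URL with the port spelled out.
# $host is the hostname without a port, so ":8545" cannot be doubled.
server {
    listen 80;
    server_name cortex-coeus.asuscomm.com www.cortex-coeus.asuscomm.com;
    return 301 https://$host:8545$request_uri;
}

# Port 8545 must terminate TLS itself. Without "ssl" nginx answers the
# client's TLS ClientHello in plaintext, which curl reports as
# "wrong version number".
server {
    listen 8545 ssl http2;
    server_name cortex-coeus.asuscomm.com www.cortex-coeus.asuscomm.com;

    ssl_certificate     /etc/letsencrypt/live/cortex-coeus.asuscomm.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/cortex-coeus.asuscomm.com/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;   # TLSv1/1.1 are deprecated; do not offer them

    # A plaintext HTTP request on this TLS port raises nginx's non-standard
    # code 497; turn it into the HTTP->HTTPS redirect the question asks for.
    error_page 497 =301 https://$host:8545$request_uri;

    access_log /var/log/nginx/8545_access.log;
    error_log  /var/log/nginx/8545_error.log info;

    location / {
        # The node listens on plain HTTP on its private IP, so no
        # proxy_ssl_* directives are needed for an http:// proxy_pass.
        proxy_http_version 1.1;
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header Upgrade           $http_upgrade;
        proxy_set_header Connection        $connection_upgrade;
        proxy_pass http://cortex;
    }
}
```

TLS only protects the transport: anyone who can reach port 8545 can still send RPC calls to the node, so which RPC modules the node exposes and which source addresses nginx accepts need to be restricted separately.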