Hi Claudio,
a few clarifications that may help narrow this down:
To disable HTTPS handling inside the OpenACS container, it is not necessary (and not recommended) to remove HTTPS-related config sections. It is sufficient to unset/comment out oacs_httpsport. Removing HTTPS entirely means OpenACS loses its secure context, which can have side effects.
When running OpenACS behind a reverse proxy (e.g. Nginx handling HTTPS), OpenACS must be explicitly configured for this. In the current container setup this is done via
ns/parameters/reverseproxymode
which can be set in docker-compose.yml using oacs_reverseproxymode.
Without this, OpenACS will have 'wrong' peer addresses, i.e. the proxy server itself.
It is also important to clarify whether oacs-a and oacs-b are meant to be independent instances or the same instance accessed twice. In the latter case, a proper cluster configuration is required; otherwise you will see inconsistencies (including location handling).
In a proxy-based setup, OpenACS ports normally should not be exposed at all—only the proxy ports should be published.
Regarding the redirect itself: browsers tend to cache scheme decisions (and sometimes HSTS-like behavior even on localhost/127.0.0.1), while tools like curl or lynx do not. Combined with OpenACS registering a “secure location” early at startup, this can easily explain why only browsers redirect to HTTPS.
all the best -g
