Well, this guy with two thumbs and opinions on URL generation cringes at how tightly we couple our base_urls to output in internal links. I think internal links ought to reference relative paths whenever possible.
With this particular conversation, I’m reminded of the thread here:
@Ph_We, if your nginx proxy is only listening on 443, is it possible to have Apache listen only on 443 as well? You can used self-signed certificates to avoid additional cost. This also ensures end-to-end encryption for important things, link your user credentials. I think this would allow you to turn on “force_ssl” in config.inc.php.