I had a particular need with Shoutcast (since the application is 1) able to do HTTP and HTTPS on the same port, and 2) since I wanted to reverse proxy those requests for security filtering with ModSecurity) to have HTTP requests that hit the HTTPS port to upgrade those requests to HTTPS on the same port instead of just erroring out (bad protocol error). Some of this had to do with browser and other client-end mechanisms forcing an HTTPS upgrade of late, but finding it wasn’t working correctly all the time. I struggled to find a good solution but came to an answer finally on stackoverflow. I’m documenting it here for future reference and for those that may need that kind of functionality since it’s a very specific request. I normally just do a 301 redirect for situations like this, but it doesn’t seem to work when streaming media for whatever reason using particular media clients. This has done the trick.

server {
        listen 443 ssl;
        ssl_certificate /home/xxx/server.crt;
        ssl_certificate_key /home/xxx/server.key;
        error_page 497 301 =307 https://$host:$server_port$request_uri;
        location /{
            proxy_pass http://localhost:8000;
        }
}

Or you could even do:

server {
        listen 443 ssl;
        ssl_certificate /home/xxx/server.crt;
        ssl_certificate_key /home/xxx/server.key;
        error_page 497 https://$host:$server_port$request_uri;
        location /{
            proxy_pass http://localhost:8000;
        }
}

Credit goes to this question and series of answers:

https://stackoverflow.com/questions/15429043/how-to-redirect-on-the-same-port-from-http-to-https-with-nginx-reverse-proxy