SCan I ask what you're using to connect to zitadel? Are you trying to login to the console, or are you trying to call the API?
SSLocally with a hosts entry?
Sthe redirect_uri error tells me that the provided redirect_uri by the call is not matching with the trusted redirect_uris in zitadel which should be matching with auth.foo.com if you set up zitadel with this configuration, and not changed this configuration after you did the setup
SI'm by no means an expert with nginx so it's kinda hard for me to pinpoint the problem without trying to reproduce it. I know that we have an example with traeffik (https://zitadel.com/docs/guides/deploy/loadbalancing-example) maybe that helps some, otherwise maybe somebody with a bit more experience with nginx like @FFO or @Elio has an idea, if not I can look into it on monday if that helps.
With this example configuration, you create a near production environment for ZITADEL with Docker Compose.
ECan you try fro scratch and the variable ZITADEL_EXTERNALPORT=443, plz?
EIt defaults to 8080
EThe setup step has to run again, so you need to try on clean db
EZITADEL always connects with the admin user?
SYou mean the user to log into zitadel?
Etry zitadel-admin@zitadel.auth.foo.com
EYou can also allow your users to login just with their mail address, btw
SSounds good, if you have trouble with anything, just ask here 