Optional SSL on same port, or access control/log with stream protocol

Hi!

I’m running an HTTP-based application (Plex) that decides whether or not
to use SSL based on what the client decides to talk to it.
I would like to be able to control what it does and who’s able to
connect to it a bit more, and I’d like to do that with nginx.

I’ve tried disabling all SSL, which works, but then the frontend client
that’s loaded over SSL will obviously get mixed content problems in
browsers.
The frontend client is loaded in a location on my SSL-only website, so
I’d prefer to not do that.

I can also not enable SSL completely, since Android/iOS/Chromecast
clients can’t cope with the SSL yet.

I’ve tried using the stream protocol, which obviously works fine, but it
does not seem possible to log IP’s or have access control with them at
all, is that correct?
I get not being able to log HTTP-information, but some details of the
incoming connection are certainly known, and could therefore be logged?

Kind regards,

Daniël Mostertman