The first redirect is HTTP->S, and you especially want visitors to use HTTPS if there’s a login form involved.
The second redirect must have been issued by the app running on port 3000. It looks like it’s directing unauthorized users to the login page.
A good strategy to avoid this would be to redesign your website to have a HTTP-accessible landing page that doesn’t require the client to be logged in. Other than doing that, it’s not a problem that needs solving.