The url that is generated when a non logged user clicks on Browse Backend is https://<domain>/index.php/en/login. This is a valid index.php url. but it is not well managed. The url is stored in the login form with <form action="/index.php/en/login" method="post">. Perhaps when the form is received by the security module, it considers the index.php as if it was a subfolder in a pretty url. Another part of the code detects correctly that the app uses index.php url and normally prepends it to the url path, which has already index.php in it (but incorrectly as a part of a pretty url). After login, it redirects to https://<domain>/index.php/index.php/en/admin/post/, which is not a valid url.

I also checked the headers sent by Symfony using a register_shutdown_function that calls headers_list() and it contains the header Location: https://<domain>/index.php/index.php/en/admin/post/ and this is why this url is requested to the server after the redirection. It is not the web server, nginx in my case, that adds the extra index.php.