perusio · January 28, 2012 19:25
diff --git a/gistfile1.txt b/gistfile1.txt
 ## At the http level
 map $http_cookie $is_secure {
    default 0;
    ~SESS 1; # there's a session cookie (use SSL - authenticated user)
 }

 map $is_secure $not_secure {
    1 0;
    0 1;
 }

 ## In the non-SSL host
 server {
    listen [::]:443 ssl;
    server_name ssl.example.com;
    limit_conn arbeit 32;

    if ($is_secure) {
       return 302 https://ssl.example.com$request_uri;
    }

    ## Access and error logs.
    access_log /var/log/nginx/example.com_access.log;
    error_log /var/log/nginx/example.com_error.log;

    ## Keep alive timeout set to a greater value for SSL/TLS.
    keepalive_timeout 10 10;

    root /var/www/sites/example.com;
    index index.php;

    ## If you're using a Nginx version greater or equal to 1.1.4 then
    ## you can use keep alive connections to the upstream be it
    ## FastCGI or Apache. If that's not the case comment out the line below.
    fastcgi_keep_conn on; # keep alive to the FCGI upstream
     
    #... more stuff ...
   
 } # HTTP server


 ## In the SSL host
 server {
    listen [::]:443 ssl;
    server_name ssl.example.com;
    limit_conn arbeit 32;


    if ($not_secure) {
       return 302 http://example.com$request_uri;
    }

    ## Get the 497 error (HTTP request on a HTTPS host).
    error_page 497 =302 https://ssl.example.com$request_uri;

    ## Access and error logs.
    access_log /var/log/nginx/ssl.example.com_access.log;
    error_log /var/log/nginx/ssl.example.com_error.log;

    ## Keep alive timeout set to a greater value for SSL/TLS.
    keepalive_timeout 75 75;

    ## See the keepalive_timeout directive in nginx.conf.
    ## Server certificate and key.
    ssl_certificate /etc/ssl/certs/example-cert.pem;
    ssl_certificate_key /etc/ssl/private/example.key;

    ## Strict Transport Security header for enhanced security. See
    ## http://www.chromium.org/sts. I've set it to 2 hours; set it to
    ## whichever age you want.
    add_header Strict-Transport-Security "max-age=7200";

    root /var/www/sites/example.com;
    index index.php;

    ## If you're using a Nginx version greater or equal to 1.1.4 then
    ## you can use keep alive connections to the upstream be it
    ## FastCGI or Apache. If that's not the case comment out the line below.
    fastcgi_keep_conn on; # keep alive to the FCGI upstream
     
    #... more stuff ...
   
 } # HTTPS server
	## At the http level
	map $http_cookie $is_secure {
	default 0;
	~SESS 1; # there's a session cookie (use SSL - authenticated user)
	}

	map $is_secure $not_secure {
	1 0;
	0 1;
	}

	## In the non-SSL host
	server {
	listen [::]:443 ssl;
	server_name ssl.example.com;
	limit_conn arbeit 32;

	if ($is_secure) {
	return 302 https://ssl.example.com$request_uri;
	}

	## Access and error logs.
	access_log /var/log/nginx/example.com_access.log;
	error_log /var/log/nginx/example.com_error.log;

	## Keep alive timeout set to a greater value for SSL/TLS.
	keepalive_timeout 10 10;

	root /var/www/sites/example.com;
	index index.php;

	## If you're using a Nginx version greater or equal to 1.1.4 then
	## you can use keep alive connections to the upstream be it
	## FastCGI or Apache. If that's not the case comment out the line below.
	fastcgi_keep_conn on; # keep alive to the FCGI upstream

	#... more stuff ...

	} # HTTP server


	## In the SSL host
	server {
	listen [::]:443 ssl;
	server_name ssl.example.com;
	limit_conn arbeit 32;


	if ($not_secure) {
	return 302 http://example.com$request_uri;
	}

	## Get the 497 error (HTTP request on a HTTPS host).
	error_page 497 =302 https://ssl.example.com$request_uri;

	## Access and error logs.
	access_log /var/log/nginx/ssl.example.com_access.log;
	error_log /var/log/nginx/ssl.example.com_error.log;

	## Keep alive timeout set to a greater value for SSL/TLS.
	keepalive_timeout 75 75;

	## See the keepalive_timeout directive in nginx.conf.
	## Server certificate and key.
	ssl_certificate /etc/ssl/certs/example-cert.pem;
	ssl_certificate_key /etc/ssl/private/example.key;

	## Strict Transport Security header for enhanced security. See
	## http://www.chromium.org/sts. I've set it to 2 hours; set it to
	## whichever age you want.
	add_header Strict-Transport-Security "max-age=7200";

	root /var/www/sites/example.com;
	index index.php;

	## If you're using a Nginx version greater or equal to 1.1.4 then
	## you can use keep alive connections to the upstream be it
	## FastCGI or Apache. If that's not the case comment out the line below.
	fastcgi_keep_conn on; # keep alive to the FCGI upstream

	#... more stuff ...

	} # HTTPS server