http {
# ... don't think these settings matter?
server {
server_name www.my-site.com nonssl1.example.com nonssl2.example.com;
location / {
proxy_pass http://upstream1;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_next_upstream timeout;
}
}
# THIS BLOCK SUCCEES FOR ALL SITES, TAKING OVER ALL REQUESTS
server {
listen 111.222.333.444:80;
server_name mysssl.example.com;
location / {
rewrite ^(.*) https://mysssl.example.com$1 redirect;
}
}
server {
listen 443;
server_name .example.com
ssl on;
# ssl bits...
ssl_certificate /etc/nginx/ssl/example.com.crt;
ssl_certificate_key /etc/nginx/ssl/example.com.key;
error_log /var/log/nginx/ssl/example.com-error.log;
access_log /var/log/nginx/ssl/example.com-access.log;
location / {
proxy_pass http://upstream1;
proxy_set_header X-IS-SSL yes;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_next_upstream timeout;
}
}