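# Reverse proxy: plain-HTTP vhosts, an HTTP->HTTPS redirect for one host, and a
# TLS-terminating vhost. All proxied traffic goes to upstream1 (defined outside this excerpt).
http {
    # ... don't think these settings matter?

    # Plain-HTTP sites.
    server {
        # nginx picks the candidate servers by address:port first and compares
        # server_name only among those. With no listen directive this block was
        # bound to *:80 only, so every request arriving on 111.222.333.444:80 could
        # match nothing but the redirect block below. That is why the redirect block
        # answered for all sites. Listing the specific address here as well puts this
        # block in the same candidate set; being first, it is also the default
        # server for that address. (111.222.333.444 is the page's redacted placeholder.)
        listen 80;
        listen 111.222.333.444:80;
        server_name www.my-site.com nonssl1.example.com nonssl2.example.com;

        location / {
            proxy_pass http://upstream1;

            # Request headers from the client are forwarded by default. Setting the
            # header to an empty value stops it being passed, so a plain-HTTP client
            # cannot claim "X-IS-SSL: yes" to the backend.
            proxy_set_header X-IS-SSL "";

            # $http_host is the client's Host header verbatim. As the default server
            # this block also receives requests with unknown Host values, so the
            # backend should not trust Host when building links or redirects.
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            # Appends $remote_addr to any X-Forwarded-For the client sent; only the
            # last entry (and X-Real-IP) is set by this proxy.
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_next_upstream timeout;
        }
    }

    # HTTP -> HTTPS redirect for the TLS host only.
    server {
        listen 111.222.333.444:80;
        server_name mysssl.example.com;

        location / {
            rewrite ^(.*) https://mysssl.example.com$1 redirect;
        }
    }

    # TLS-terminating vhost.
    server {
        # The original read "server_name .example.com ssl on;". The missing
        # semicolon turned "ssl" and "on" into two more server names, so TLS was
        # never enabled on this listener. The ssl parameter of listen replaces the
        # older "ssl on;" directive.
        listen 443 ssl;
        server_name .example.com;

        # ssl bits...
        ssl_certificate /etc/nginx/ssl/example.com.crt;
        # The private key should be readable only by the account nginx starts as.
        ssl_certificate_key /etc/nginx/ssl/example.com.key;

        error_log /var/log/nginx/ssl/example.com-error.log;
        access_log /var/log/nginx/ssl/example.com-access.log;

        location / {
            proxy_pass http://upstream1;
            # Always overwritten here, so on this listener the backend sees the
            # proxy's value and not one supplied by the client.
            proxy_set_header X-IS-SSL yes;
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_next_upstream timeout;
        }
    }
}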