With the following configuration, paths beginning with /admin, /account, and /secret
will be served using HTTPS, while other paths are served unencrypted. The solution is neither beautiful nor straightforward, so let me know if you have a better one. Also make sure to reference embedded resources with protocol-relative URLs (//example.com/... style) to avoid browser warnings about mixing secure and non-secure items.
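# One virtual host answering on both plain HTTP (80) and TLS (443).
# Paths starting with /admin, /account or /secret are forced onto HTTPS;
# every other path is forced back onto HTTP.
#
# NOTE(review): cookies set on the HTTPS-only paths need the Secure attribute,
# otherwise the browser also sends them on the plain-HTTP paths of this host.
server {
    listen 80;
    listen 443 default ssl;
    server_name .example.com;

    location / {
        # nginx "if" cannot combine conditions, so the two tests are folded
        # into one flag string:
        #   N = the path needs HTTPS, H = the request arrived over HTTP.
        set $ssl_magic "";

        # NOTE(review): $request_uri is the raw, un-normalized request URI, so a
        # protected path written in a non-canonical form may not match here and
        # would then be served over HTTP. Matching on $uri is stricter, but $uri
        # changes after internal redirects (try_files, error_page) and can cause
        # redirect loops with this scheme -- verify against the rest of the
        # config, and enforce HTTPS for these paths in the application as well.
        # The match is also case-sensitive (~).
        if ($request_uri ~ ^/(admin|account|secret)) {
            set $ssl_magic "${ssl_magic}N";
        }
        if ($scheme = http) {
            set $ssl_magic "${ssl_magic}H";
        }

        # The trailing "?" stops rewrite from appending the query string a
        # second time: $request_uri already contains the original arguments.
        #
        # NOTE(review): $host comes from the client's Host header when one is
        # sent, and this server is the default for port 443; use a fixed
        # hostname in the redirect targets if arbitrary Host values must not
        # be reflected into the Location header.

        # "NH": protected path requested over HTTP -> upgrade to HTTPS.
        if ($ssl_magic = NH) {
            rewrite ^ https://$host$request_uri? permanent;
        }
        # "": unprotected path requested over HTTPS -> send back to HTTP.
        # ("N" and "H" alone are already on the right scheme and fall through.)
        if ($ssl_magic = "") {
            rewrite ^ http://$host$request_uri? permanent;
        }
        # further configuration ...
    }
}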