For a server {} that you want to make both universally compatible with both http port 80 and https port 443 ssl requests.
This was my solution for my own sites.
#inside http block
upstream proxy_web_rack { #port 80 unsecured requests
server 172.16.0.1:80;
}
upstream proxy_web_rack_ssl { #port 443 secured requests
server 172.16.0.1:443;
}
#end http block
#Server block
server {
listen 80;
listen 443 ssl;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
if ($scheme = "http") {
proxy_pass $scheme://proxy_web_rack; #if scheme was http send to port 80
}
if ($scheme = "https") {
proxy_pass $scheme://proxy_web_rack_ssl; #if scheme was https send to port 443
}
} #end location
}
#end server block
That way if the recieved request from client is a https secured one proxy_pass will make sure that it goes over port 443 and remains secured.
http://www.networkflare.com/