redirect with https only for specific url on nginx

Question

I'm trying to get the https working with some urls. but it seems that the https goes everywhere. In details, I have created 2 vhosts on Nginx. The first virtual host with port 80 and the other one with 443 containing SSL. now my site .i.e domain.com works for both http and https and this is not what I want. I want the https working on one some urls I specify with rules in Nginx vhost.

The main issue is when I try that I get my main site first with http then when I go to a url that contains https "secure_area", it works fine. However, whenever I go after that somewhere else in my site, the https keep going on all other urls.

here is my 443 vhost config:

ssl_session_cache shared:SSL:5m; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";

server {
        listen 443 ssl spdy;
        listen [::]:443 ssl spdy;
        #server_name www.mydomain.com;

        ssl_session_timeout 5m;
        root /vars/www/public_html/;
        index index.php index.html index.htm;
        ssl_certificate /path_to_ssl/certificate.pem;
        ssl_certificate_key /path_to_key/server.key;
        ssl_ciphers 'ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS';
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;

        location / {
        try_files $uri $uri/ /index.php;
        }

         location ~ \.php$ {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $host;
        proxy_pass http://127.0.0.1:8080;
         }

         location ~ /\.ht {
                deny all;
        }

        # Serve static files directly
        location ~* \.(png|jpe?g|gif|ico)$ {
                expires 1y; access_log off; try_files $uri $uri/ @rewrite; gzip off;
        }
        location ~* \.(css)$ {
                expires 1d; access_log off;
        }
        location ~* \.(js)$ {
                expires 1h; access_log off;
        }
        location /secure_area/ {
        auth_basic            "Restricted";
        auth_basic_user_file  htpasswd;
        rewrite ^ https://$http_host$request_uri? permanent;
        }


    }

and here is my 80 vhost config:

server {
        listen 80 default_server;
        server_name mydomain.com;
        return 301 http://www.mydomain.com;
}

server {
        listen 80;
        server_name www.mydomain.com;
        root /vars/www/public_html/;
        index index.php index.html index.htm;

        location / {
        try_files $uri $uri/ /index.php;
        }
         location ~ \.php$ {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $host;
        proxy_pass http://127.0.0.1:8080;
         }
         location ~ /\.ht {
                deny all;
        }

            location /secure_area/ {
        rewrite ^ https://$http_host$request_uri? permanent;
        }

    }

in case no one noticed, Nginx is working as reverse proexy at front end Apache

now does anyone have any idea how to force https only on some urls and in my case secure_area and force http on all other urls?

Thanks

Answer 1

You can tell the SSL server to redirect back to http if any other URL is visited

server {
  listen 80;
  server_name example.com;
  # normal http settings
  location /secure_area/ {
    return 301 https://$http_host$request_uri$is_args$query_string;
  }
}
server {
  listen 443 ssl spdy;
  server_name example.com;
  # ssl settings;
  location /secure_area/ {
    #serve secure area content
  }
  location / {
    return 301 http://$http_host$request_uri$is_args$query_string;
  }
}