Eu tenho um aplicativo de trilhos sendo atendido pelo nginx. Eu tenho SSL ativado em todas as rotas com este conf:
server {
listen [::]:80;
listen 80;
server_name domain.com;
access_log /var/log/nginx/domain-access.log;
error_log /var/log/nginx/domain-error.log;
return 301 https://$host:443$request_uri;
}
server {
listen [::]:443 ssl spdy;
listen 443 ssl spdy;
server_name domain.com;
access_log /var/log/nginx/domain-access.log;
error_log /var/log/nginx/domain-error.log;
ssl_certificate /home/dokku/domain/tls/server.crt;
ssl_certificate_key /home/dokku/domain/tls/server.key;
keepalive_timeout 70;
add_header Alternate-Protocol 443:npn-spdy/2;
location / {
gzip on;
gzip_min_length 1100;
gzip_buffers 4 32k;
gzip_types text/css text/javascript text/xml text/plain text/x-component application/javascript application/x-javascript application/json application/xml application/rss+xm$
gzip_vary on;
gzip_comp_level 6;
proxy_pass http://domain;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection upgrade;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Request-Start $msec;
}
include /home/dokku/domain/nginx.conf.d/*.conf;
}
Eu quero permitir (mas não aplicar) conexões não ssl em determinadas rotas, como estas:
domain.com => enforce ssl
domain.com/l/* => allow non-ssl
domain.com/* => enforce ssl
Como faço isso, dado o meu conf acima?
Obrigado!
Tags ssl nginx docker ruby-on-rails