Since I managed to do this incorrectly a couple of times I figured it was worth noting here.
You already have a working site setup in Nginx that uses SSL. Now you want to make sure that any non-SSL requests to the site get redirected. Turns out to be very simple:
[sourcecode lang=”plain”]
server {
listen 80;
server_name example.com;
rewrite ^(.*) https://$server_name$1 permanent;
}
[/sourcecode]
This sends back an HTTP/1.1 301 Moved Permanently
response for non-SSL requests for example.com.
Three short and easy to read lines, I like it.