Since I managed to do this incorrectly a couple of times I figured it was worth noting here.

You already have a working site setup in Nginx that uses SSL. Now you want to make sure that any non-SSL requests to the site get redirected. Turns out to be very simple:

[sourcecode lang=”plain”]
server {
listen 80;
server_name example.com;
rewrite ^(.*) https://$server_name$1 permanent;
}
[/sourcecode]

This sends back an HTTP/1.1 301 Moved Permanently response for non-SSL requests for example.com.

Three short and easy to read lines, I like it.