Static over http api over https
From Attie's Wiki
This is a sample Nginx configuration file for serving static content via HTTP, and the API via HTTPS:
server { listen 80; access_log /home/www/logs/static_access.log; error_log /home/www/logs/static_error.log; root /home/www/static; more_set_headers 'Server: MyAPI'; location = / { index index.htm.gz; } location ~* \.css\.gz$ { more_set_headers 'Content-Type: text/css'; more_set_headers 'Content-Encoding: gzip'; } location ~* \.j(s\.)?gz$ { more_set_headers 'Content-Type: text/javascript'; more_set_headers 'Content-Encoding: gzip'; } location ~* \.html?\.gz$ { more_set_headers 'Content-Type: text/html'; more_set_headers 'Content-Encoding: gzip'; } location ~* \.png\.gz$ { more_set_headers 'Content-Type: image/png'; more_set_headers 'Content-Encoding: gzip'; } } server { listen 443 ssl; ssl_certificate /home/www/api.crt; ssl_certificate_key /home/www/api.key; ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers HIGH:!aNULL:!MD5; access_log /home/www/logs/api_access.log; error_log /home/www/logs/api_error.log; root /home/www/api; more_set_headers 'Server: MyAPI'; location / { rewrite . http://$host/ permanent; } location ~ ^/api { more_set_headers 'Access-Control-Allow-Origin: http://$host'; more_set_headers 'Access-Control-Allow-Methods: *'; more_set_headers 'Access-Control-Expose-Headers: x-json'; more_set_headers 'X-JSON: {"test":6}'; } }