Разработчик
listen 80; rewrite ^ https://$server_name$request_uri? permanent;
listen 443 ssl spdy; ssl on; ssl_dhparam /etc/nginx/ssl/dhparam.pem; ssl_certificate /etc/nginx/ssl/xxx.pem; ssl_certificate_key /etc/nginx/ssl/yyy.key; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # ssl_protocols TLSv1.1 TLSv1.2; для поддержки старого андроида ssl_ciphers "EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:DES-CBC3-SHA:!DES:!RC4:!aNULL:!eNULL:!LOW:!MD5:!EXP:!PSK:!SRP:!DSS:!CAMELLIA:!SEED"; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; ssl_session_timeout 5m; ssl_stapling on; ssl_stapling_verify off; ssl_trusted_certificate /etc/nginx/ssl/zzz.pem; resolver 8.8.8.8; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
для HTTP, и
для HTTPS
Спасибо большое!