I have set my server up my nginx server like this:
server {
listen 443;
ssl on;
ssl_certificate /etc/ssl/certs/example.com.crt;
ssl_certificate_key /etc/ssl/private/example.com.key;
server_name example.com;
... other things down here..
}
How can I exclude directories from SSL? For example, under /static/tour I have a tour explaining the web application and there is no need to encrypt that.
OS: Ubuntu 10.04
I think you'll either want to set up another server configuration to listen on port 80, directed into the same document root (and make sure the app is forcing either SSL or non-SSL depending on URL being accessed, so the user can't just delete the 'S' from HTTPS), or use something like this: http://ariejan.net/2011/10/22/automatically-switch-between-ssl-and-non-ssl-with-nginx-unicorn-rails
This won't be possible. An SSL request is encrypted which means the server can't even tell what the URI looks like until after it has decrypted the request. There is no way of telling the client that it should send requests for a certain subdirectory using a non-SSL protocol.
As Demelziraptor said, you can set up two vhosts, one with SSL on port 443 and one without SSL on port 80.
You could easily have rewrite rules set up so that any request for
/static/touron the SSL vhost will cause a redirect to the same page on the non-SSL vhost and vice versa on the non-SSL vhost to redirect back to the SSL vhost.