SSL/Nginx/Django
25 Feb 2010
I wanted to create a client portal of sorts to allow my clients to log in and check billing status/history etc. Since I predominantly program websites in Django, that part was a no-brainer. But what was troubling me was dealing with the SSL and non-SSL parts. I had only ever created "secure sites" in the past, where everything was behind a login and run over SSL. It was the flipping back and forth between secure and non-secure that had me a little puzzled about how to implement it.
I did some reading and eventually settled (for now) on using nginx (which I use as my main webserver) to look at the paths and redirect as needed:
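# nginx's ~ operator is an unanchored, case-sensitive regex match, so this
# fires for any URI that contains one of these strings.
if ($uri ~ (/bromin|/accounts|/invoices|/sf)) {
    # Send the same path to the HTTPS host with a 301.
    rewrite (.*) https://nomad.ca$1 permanent;
}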
So I have one of these blocks in the standard port 80 definition and another in the secure socket definition (with the operator switched to !~ and the rewrite to http).
The only reason I don't like this implementation is that the links in the HTML are not updated. So a link may claim it will take you to a secure page but might redirect to a non-secure page if the SSL isn't needed. This violates a bit of what I would consider safe coding practice, as a prudent user would notice the difference and it may raise suspicion. However, since I haven't even purchased a signed certificate, this will do for now.
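One way to find the links that disagree with the redirect rule is to audit the rendered HTML against the same pattern. This is an added example, not code from the original post; the helper names and the sample page are constructed, and it compares the raw URL path rather than nginx's normalized $uri.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Same pattern as the nginx `if` block in the post. nginx `~` is an
# unanchored, case-sensitive match, which re.search reproduces.
SECURE_PATHS = re.compile(r"(/bromin|/accounts|/invoices|/sf)")
SITE_HOST = "nomad.ca"

def expected_scheme(path):
    """Scheme the pair of nginx blocks will end up serving this path on."""
    return "https" if SECURE_PATHS.search(path) else "http"

class _LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            href = dict(attrs).get("href")
            if href:
                self.hrefs.append(href)

def audit_links(html, page_url):
    """Return (href, scheme_in_link, scheme_after_redirect) for every
    same-site link whose scheme nginx would flip."""
    parser = _LinkCollector()
    parser.feed(html)
    mismatches = []
    for href in parser.hrefs:
        target = urlsplit(urljoin(page_url, href))
        if target.hostname != SITE_HOST or target.scheme not in ("http", "https"):
            continue  # external link, mailto:, and so on
        want = expected_scheme(target.path or "/")
        if target.scheme != want:
            mismatches.append((href, target.scheme, want))
    return mismatches

# Constructed sample: a page rendered over HTTPS at /accounts/.
SAMPLE_HTML = """
<a href="/invoices/2010/">Invoices</a>
<a href="/blog/">Blog</a>
<a href="https://nomad.ca/contact/">Contact</a>
<a href="http://nomad.ca/accounts/login/">Log in</a>
<a href="https://example.com/">Elsewhere</a>
"""

if __name__ == "__main__":
    for row in audit_links(SAMPLE_HTML, "https://nomad.ca/accounts/"):
        print(row)
```

Relative links inherit the scheme of the page they are rendered on, which is why "/blog/" is reported when the page itself was served over HTTPS.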