server {
                listen 80;
                rewrite ^(.*)$  https://$server_name$1 permanent;
                server_name example.com;

                if ( "$host" != 'example.com' ){
                        rewrite ^/(.*)$ http://example.com/$1 permanent;
                }
               access_log  logs/web.log main;


           location / {
                root web目录;
                index index.php index.html ;
           }


           location ~ \.php$ {
                root    web目录;
                fastcgi_pass  unix:/dev/shm/php-fpm.socket;
                fastcgi_index  index.php;
                fastcgi_param  SCRIPT_FILENAME  web目录$fastcgi_script_name;
                include        fastcgi_params;
           }
}
server {
                listen 443;
                ssl on;       
                ssl_certificate /usr/local/data/nginx/conf/https.pem;
                ssl_certificate_key /usr/local/data/nginx/conf/https.key;
                ssl_session_timeout 5m;
                ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
                ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
                ssl_prefer_server_ciphers on;
                access_log  logs/access_web.log;


                location / {
                        root web目录;
                        index index.php index.html;
                }
                
                
                location ~ \.php$ { 
                        root    web目录;
                        fastcgi_pass   unix:/dev/shm/php-fpm.socket;
                        fastcgi_index  index.php;
                        fastcgi_param  SCRIPT_FILENAME  web目录$fastcgi_script_name;
                        include        fastcgi_params;
                }
}

注意

rewrite ^(.*)$  https://$server_name$1 permanent;

这里是强制重定向,去掉以后http和https 都能同时访问