Simple SSL Question

Sat Jun 8 18:18:46 UTC 2013

Hi,

I'm using nginx with SSL, and I want to always redirect to www, regardless of whether the request is http or https. I just want to redirect to the respective protocol but with www.

I have the port 80 server block working fine. Beneath my first server block I have...

server {
    listen      80;
    server_name example.com;
    return 301  http://www.example.com$request_uri;
}

and this works fine. But for my port 443 server block for https, I have all kinds of information inside regarding ssl on and different ciphers to use.

I really don't want to mess up anything up related to security by doing something stupid.. so my question is on this second block for port 443 underneath the first one...

server {
    listen      443;
    server_name example.com;
    return 301  https://www.example.com$request_uri;
}

do I need anything else? do I need ssl on or any other security related things? If they visit non-www does that mean it transfers the request insecurely or something (even for a split second while its redirecting?)

Just want to make sure what I have is solid and secure. It seems to work but I want to double check.

Thanks!