diff --git a/server/conf/nginx_vhost.conf.master b/server/conf/nginx_vhost.conf.master
index 0240a8c4ecc46d6084f0e7d7dc50eaefdf7f9e35..e7dbbe267c5873516623cee7c7d3640f212a2600 100644
--- a/server/conf/nginx_vhost.conf.master
+++ b/server/conf/nginx_vhost.conf.master
@@ -1,10 +1,32 @@
+<tmpl_if name='ssl_enabled'>
+<tmpl_if name='rewrite_to_https' op='==' value='y'>
+server {
+        listen <tmpl_var name='ip_address'>:<tmpl_var name='http_port'>;
+<tmpl_if name='ipv6_enabled'>
+        listen [<tmpl_var name='ipv6_address'>]:<tmpl_var name='http_port'>;
+</tmpl_if>
+        server_name <tmpl_var name='domain'> <tmpl_var name='alias'>;
+        access_log off;
+		rewrite ^ https://$http_host$request_uri? permanent;
+}
+</tmpl_if>
+</tmpl_if>
+
 server {
+<tmpl_unless name='ssl_enabled'>
         listen <tmpl_var name='ip_address'>:<tmpl_var name='http_port'>;
 <tmpl_if name='ipv6_enabled'>
         listen [<tmpl_var name='ipv6_address'>]:<tmpl_var name='http_port'>;
 </tmpl_if>
+</tmpl_if>
 		
 <tmpl_if name='ssl_enabled'>
+<tmpl_if name='rewrite_to_https' op='!=' value='y'>
+        listen <tmpl_var name='ip_address'>:<tmpl_var name='http_port'>;
+<tmpl_if name='ipv6_enabled'>
+        listen [<tmpl_var name='ipv6_address'>]:<tmpl_var name='http_port'>;
+</tmpl_if>
+</tmpl_if>
         listen <tmpl_var name='ip_address'>:<tmpl_var name='https_port'> ssl{tmpl_if name='enable_http2' op='==' value='y'} http2{/tmpl_if}{tmpl_if name='enable_spdy' op='==' value='y'} spdy{/tmpl_if};
 		ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 		# ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
@@ -35,13 +57,6 @@ server {
             rewrite ^<tmpl_var name='local_redirect_exclude'>(.*)$ <tmpl_var name='local_redirect_target'>$2 <tmpl_var name='local_redirect_type'>;
         }
 </tmpl_loop>
-<tmpl_if name='ssl_enabled'>
-<tmpl_if name='rewrite_to_https' op='==' value='y'>
-        if ($scheme != "https") {
-            rewrite ^ https://$http_host$request_uri? permanent;
-        }
-</tmpl_if>
-</tmpl_if>
 
 <tmpl_loop name="own_redirects">
 <tmpl_if name='use_rewrite'>