server { listen 443; server_name example.com; error_log /var/log/nginx/example_com_error.log warn; ssl on; ssl_certificate /etc/nginx/ssl/your.crt; #certificate chains ssl_certificate_key /etc/nginx/ssl/your.key; #private key # enable compressing if needed gzip on; gzip_disable "msie6"; gzip_vary on; gzip_proxied any; gzip_comp_level 6; gzip_buffers 16 8k; gzip_http_version 1.1; root /var/www/your/root; # most interesting part # here I remove utm_source, utm_content, utm_term, utm_campaign, utm_medium query parameters set $c_uri $args; # e.g. "param1=true¶m4=false" if ($c_uri ~ (.*)(?:&|^)utm_source=[^&]*(.*)) { set $c_uri $1$2; } if ($c_uri ~ (.*)(?:&|^)utm_term=[^&]*(.*)) { set $c_uri $1$2; } if ($c_uri ~ (.*)(?:&|^)utm_campaign=[^&]*(.*)) { set $c_uri $1$2; } if ($c_uri ~ (.*)(?:&|^)utm_medium=[^&]*(.*)) { set $c_uri $1$2; } if ($c_uri ~ (.*)(?:&|^)utm_content=[^&]*(.*)) { set $c_uri $1$2; } if ($c_uri ~ ^&(.*)) { set $c_uri $1; } set $c_uri $is_args$c_uri; if ($c_uri ~ ^\?$) { set $c_uri ""; } # finally we have stripped out utms and has nice cache key set $c_uri $uri$c_uri; # my injected script, hosted on frontend (nginx) location /hack.js { } # never cache /checkout/* location /checkout/ { proxy_pass http://backend-server.com:80/checkout/; include proxy.conf; proxy_no_cache 1; } # cache every page and static file location / { # I'm using "cleaned_uri" ($c_uri) for backend also proxy_pass http://backend-server.com:80$c_uri; # our proxy config include proxy.conf; # for debugging, just to ensure that $c_uri is correct add_header X-CACHE-KEY $c_uri; # set $c_uri as cache_key proxy_cache_key $c_uri; } } # server to force http -> https redirect server { listen 80; server_name example.com; return 301 https://example.com$request_uri; } # server to remove www server { listen 80; server_name www.example.com; return 301 https://example.com$request_uri; }