Avoiding duplicate code in my nGinx configuration

As far as requiring SSL for login and dashboard access, there are a number of solutions. One simple one is to edit wp-config.php and just above the line that states /* That's all, stop editing! Happy blogging. */ add define('FORCE_SSL_ADMIN', true);.

Personally, I don't worry about abuse of https version of a site as search engines will by default link to non-https versions of sites, so unless your users are regularly logging in, only a tiny fraction of them would be using the https version of the site, thus negligible increase in server load, but YMMV.

You might find many of the tips in this Ars Technica article, Web Served, part 5: A blog of your own, useful.

You may also want to review the common configuration pitfalls at nginx.org.

to avoid nginx duplication in location blocks either use nginx includes OR use nested location blocks - A nested location block example follows ...

    location / {
        proxy_pass http://mywebfeservers;
        proxy_http_version 1.1;

        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;

        proxy_set_header Host $http_host;
        proxy_set_header X-Request-ID $uuid;
        proxy_set_header Via $via;

        location /aaa {
            # proxy_pass is not inherited, unsure about proxy_http_version
            proxy_pass http://mywebfeservers;
            proxy_http_version 1.1;
            # Prevent caching
            if_modified_since off;
        }
    }

Here all locations have these various headers set. Only the /aaa location prevents caching however BUT it still uses the same headers without repeating the config. Sadly, you DO HAVE TO repeat proxy pass since inheritance does not work with the proxy pass directive (for reasons of which I am unaware).