I acquired a free SSL cert from the LetsEncrypt Project and set the site up to be available via SSL only. If you request it via unencrypted HTTP, nginx will redirect you to SSL and your browser will remember it for subsequent visits.

The cipher suites I elected to support and having SNI enabled mean that the site won't work correctly on a lot of old, legacy stuff like IE6 and 8 and old Android versions, as you can see here. Well, I suppose a lot of the fanciness that ghost provides would probably fail to work correctly on old-and-busted-IE too, so there's that.