NGINX prevent direct access to directory but allow rewrites

Nginx has to be compiled with http://wiki.nginx.org/NginxHttpHeadersModule (default on Ubuntu and some other Linux distros). Then you can do this

location ~* \.(eot|ttf|woff|woff2)$ {
    add_header Access-Control-Allow-Origin *;
}

I ended up changing the $uri to $request_uri so args can be handled without redirect loops.

server {
  listen              443;
  set $ssltoggle 2;
  if ($uri ~ ^/(img|js|css|static)/) {
      set $ssltoggle 1;
  }
  if ($request_uri = '/') {
      set $ssltoggle 1;
  }
  if ($ssltoggle != 1) {
      rewrite ^(.*)$ http://$server_name$1 permanent;
  }
}

Then I changed the http block to do an immediate rewrite if the location was = /

server {
  listen              80;
  location = / {
      rewrite ^(.*)$ https://$server_name$1 permanent;
  }
  if ($ssltoggle = 1) {
      rewrite ^(.*)$ https://$server_name$1 permanent;
  }
}

I have the IF statements still to handle other rewrites and then all the specific serving is done below those. It's probably just my specific configuration that results in redirect loops and errors when I attempt to handle everything as Christopher suggested or the way I originally presented in my question.