You said that in your configuration, you have the following line:
# HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
add_header Strict-Transport-Security max-age=15768000;
This makes nginx send a HSTS header to browsers that visit the website.
With this, you tell the browser to always use https:// and never use
http://, for the whole website.
If you do not disable this, any and all requests done to the site will
make sure that any requests for the next 6 months of that visit (you set
it to 6 months), will always, no matter what the user or redirect
types/does, use https://.
If you want to avoid this behaviour, you should first reduce the
duration of the header (max-age=) to 1 second, so that browsers will
reduce the remaining time to 1 second.
Then disable it after a few days/a week, depending on how long you think
users take to return to your website.
jinwon42 schreef op 20-3-2015 om 10:20:
> You should set it to 1 for a while and then disable it.
>
> What's mean?
>
> How can i do? Please teach me.
>
> Thanks
>
> Posted at Nginx Forum: http://forum.nginx.org/read.php?2,257458,257472#msg-257472
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx