Forum List Message List New Topic Print View

dewanggaba

March 20, 2015 06:38AM

Registered: 14 years ago
Posts: 71

Hi!

You'll _never_ reach http request since you set HSTS configuration :)
If you still want some http request on your web server, disable your
HSTS directive. (see Daniel statement on previous email).

On 03/20/2015 05:14 PM, Gena Makhomed wrote:
> On 20.03.2015 11:35, Daniël Mostertman wrote:
>
>> You said that in your configuration, you have the following line:
>>
>> # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6
>> months)
>> add_header Strict-Transport-Security max-age=15768000;
>>
>> This makes nginx send a HSTS header to browsers that visit the website.
>> With this, you tell the browser to always use https:// and never use
>> http://, for the whole website.
>> If you do not disable this, any and all requests done to the site will
>> make sure that any requests for the next 6 months of that visit (you set
>> it to 6 months), will always, no matter what the user or redirect
>> types/does, use https://.
>>
>> If you want to avoid this behaviour, you should first reduce the
>> duration of the header (max-age=) to 1 second, so that browsers will
>> reduce the remaining time to 1 second.
>> Then disable it after a few days/a week, depending on how long you think
>> users take to return to your website.
>
> HSTS is good thing and should not be disabled.
>
> if you need http only for some uri - better create separate server,
> on different server_name, which works only on http, and leave https
> server for all rest https uri. for example:
>
> server {
> listen 443 ssl;
> server_name www.example.com;
>
> # HSTS (15768000 seconds = 6 months)
> add_header Strict-Transport-Security max-age=15768000;
>
> ... # HTTPS-only
> }
>
> server {
> listen 80;
> server_name www.example.com;
> location / { return 301 https://www.example.com$request_uri; }
> }
>
> server {
> listen 80;
> server_name example.com;
> location / { return 301 https://www.example.com$request_uri; }
>
> location = /mobile/PayOnlyResult.do {
> ... # HTTP-only
> }
> location = /kor/tel.do {
> ... # HTTP-only
> }
> }
>
> www.example.com - HTTPS-only, example.com - HTTP-only.
>

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Reply Quote

RSS

Subject	Author	Posted
https to http error "too many redirects"	jinwon42	March 19, 2015 10:29PM
Re: https to http error "too many redirects"	Dmitry Pryadko	March 20, 2015 03:32AM
Re: https to http error "too many redirects"	jinwon42	March 20, 2015 04:08AM
Re: https to http error "too many redirects"	Dmitry Pryadko	March 20, 2015 04:34AM
Re: https to http error "too many redirects"	jinwon42	March 20, 2015 04:48AM
Re: https to http error "too many redirects"	Daniel Mostertman	March 20, 2015 04:58AM
Re: https to http error "too many redirects"	jinwon42	March 20, 2015 05:20AM
Re: https to http error "too many redirects"	Daniël Mostertman	March 20, 2015 05:38AM
Re: https to http error "too many redirects"	Gena Makhomed	March 20, 2015 06:16AM
Re: https to http error "too many redirects"	dewanggaba	March 20, 2015 06:38AM
Re: https to http error "too many redirects"	Gena Makhomed	March 20, 2015 07:06AM
Re: https to http error "too many redirects"	Daniël Mostertman	March 20, 2015 07:14AM
Re: https to http error "too many redirects"	Gena Makhomed	March 20, 2015 07:42AM

Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 195

Record Number of Users: 8 on April 13, 2023

Record Number of Guests: 421 on December 02, 2018