March 20, 2015 06:38AM
Hi!

You'll _never_ reach http request since you set HSTS configuration :)
If you still want some http request on your web server, disable your
HSTS directive. (see Daniel statement on previous email).

On 03/20/2015 05:14 PM, Gena Makhomed wrote:
> On 20.03.2015 11:35, Daniël Mostertman wrote:
>
>> You said that in your configuration, you have the following line:
>>
>> # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6
>> months)
>> add_header Strict-Transport-Security max-age=15768000;
>>
>> This makes nginx send a HSTS header to browsers that visit the website.
>> With this, you tell the browser to always use https:// and never use
>> http://, for the whole website.
>> If you do not disable this, any and all requests done to the site will
>> make sure that any requests for the next 6 months of that visit (you set
>> it to 6 months), will always, no matter what the user or redirect
>> types/does, use https://.
>>
>> If you want to avoid this behaviour, you should first reduce the
>> duration of the header (max-age=) to 1 second, so that browsers will
>> reduce the remaining time to 1 second.
>> Then disable it after a few days/a week, depending on how long you think
>> users take to return to your website.
>
> HSTS is good thing and should not be disabled.
>
> if you need http only for some uri - better create separate server,
> on different server_name, which works only on http, and leave https
> server for all rest https uri. for example:
>
> server {
> listen 443 ssl;
> server_name www.example.com;
>
> # HSTS (15768000 seconds = 6 months)
> add_header Strict-Transport-Security max-age=15768000;
>
> ... # HTTPS-only
> }
>
> server {
> listen 80;
> server_name www.example.com;
> location / { return 301 https://www.example.com$request_uri; }
> }
>
> server {
> listen 80;
> server_name example.com;
> location / { return 301 https://www.example.com$request_uri; }
>
> location = /mobile/PayOnlyResult.do {
> ... # HTTP-only
> }
> location = /kor/tel.do {
> ... # HTTP-only
> }
> }
>
> www.example.com - HTTPS-only, example.com - HTTP-only.
>

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Subject Author Posted

https to http error "too many redirects"

jinwon42 March 19, 2015 10:29PM

Re: https to http error "too many redirects"

Dmitry Pryadko March 20, 2015 03:32AM

Re: https to http error "too many redirects"

jinwon42 March 20, 2015 04:08AM

Re: https to http error "too many redirects"

Dmitry Pryadko March 20, 2015 04:34AM

Re: https to http error "too many redirects"

jinwon42 March 20, 2015 04:48AM

Re: https to http error "too many redirects"

Daniel Mostertman March 20, 2015 04:58AM

Re: https to http error "too many redirects"

jinwon42 March 20, 2015 05:20AM

Re: https to http error "too many redirects"

Daniël Mostertman March 20, 2015 05:38AM

Re: https to http error "too many redirects"

Gena Makhomed March 20, 2015 06:16AM

Re: https to http error "too many redirects"

dewanggaba March 20, 2015 06:38AM

Re: https to http error "too many redirects"

Gena Makhomed March 20, 2015 07:06AM

Re: https to http error "too many redirects"

Daniël Mostertman March 20, 2015 07:14AM

Re: https to http error "too many redirects"

Gena Makhomed March 20, 2015 07:42AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 194
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 500 on July 15, 2024
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready