firefox tries to open http subdomain as https [ nginx configuration ]

nginx

Solution 1:

That's what HSTS is supposed to do. Once a browser has visited the https version of a site and received the HSTS header back, it will always request the https version until the expiry date, which in your case is one year.

add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";

And because you have includeSubDomains, subdomains are included.

To switch HSTS off, change the max-age to 1, request the https version again to cache the new header, wait 1 second then try the http version.

Or you could just remove includeSubDomains and then request the https version again to cache the header.

Related

Can an Apache proxy send one request to multiple servers?
How do you properly do Disaster Recovery for a file server?
CPU Affinity setting not sticking
Is there a way to grep gzipped content in hdfs without extracting it?
Emails sent from my server to Hotmail never arrive
Is enabling https on a Cisco router a considerable security risk?
Is there any reason to keep the power option on default "Balanced" instead of "high performance"?
Do I have 2 different Apache installations on my VPS
Can vSphere PowerCLI cmdlets execute from a PS1 file?
Filtering GRE enacpsulated packets with tcpdump
postfix not relying mail from remote hosts
Is there a way to change passwords on multiple servers simultaneously?