2

I have a web server running by nginx. I registered a free domain name .tk and installed Let's Encrypt certificate. The following configuration is my HTTPS:

if ($ssl_protocol = "") {
     rewrite ^ https://$server_name$request_uri? permanent;
}

But now I remove all of HTTPS configuration in Nginx then it can not access to http://mysite.tk. I also clear cache on browser but it does not work.

Update

My nginx.conf

#user  nobody;
worker_processes  4;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

pid        logs/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       mime.types;
    default_type  application/octet-stream;
    keepalive_timeout  65;

    gzip  on;

    server {
        listen       80;
        # listen       443 ssl;
        server_name  xxx.tk;


        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }


        # TLS configurations
  #       ssl_certificate      /etc/letsencrypt/live/xxx.tk/fullchain.pem;
  #       ssl_certificate_key  /etc/letsencrypt/live/xxx.tk/privkey.pem;

        # ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

  #       ssl_prefer_server_ciphers  on;
        # ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4";

        # add_header Strict-Transport-Security max-age=15768000;

        # if ($ssl_protocol = "") {
        #   rewrite ^ https://$server_name$request_uri? permanent;
        # }

        location / {
            index index.php index.html index.htm;
        }
        location /files {
            autoindex on;
        }

        location ~ \.php$ {
            root /home/tester/local/html;
            fastcgi_pass   127.0.0.1:9000;
            fastcgi_index  index.php;
            fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
            include        fastcgi_params;
        }

    }

}

From comments:

  • I restarted daemon after modifying configuration.

  • Nginx is also listening on port 80, confirmed with:

    netstat -pltun
    
  • I cleaned everything on my browser. But it still does not work.

0

3 Answers 3

1

The most probable cause for inability to reverse HTTPS back to HTTP is the following line:

# add_header Strict-Transport-Security max-age=15768000;

Now, it is commented out, but it is probable you have tested it.

Your mistake, though, because every HSTS guide should tell you, that you shall increase the time value as per your confidence in being able to deliver the domain on HTTPS.

0

Browsers often cache http 301, http://getluky.net/2010/12/14/301-redirects-cannot-be-undon/ is a good read.

Does it work in a browser that you haven't used before on the site?

Also open your browser dev tools to see if it's still receiving the redirect after you clear your cache

0
0

It's helpful to remember first that if is evil.

Also, any incoming https requests will go to port 443 by default. Incoming requests will normally be talking ssl as well, so you may want to turn this off for the rewrite. Rather than using if, a block like this will point everything at your http listener:

server {
  listen 443;
  server_name _;
  ssl off;
  rewrite ^ http://$server_name$request_uri?$args permanent;
}

Best practice is to have your http and https servers separately defined— one per port you're listening on. It makes troubleshooting much easier, and will give you fewer headaches down the road.

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.