On 20.03.2015 12:36, Dewangga Bachrul Alam wrote:
> You'll _never_ reach http request since you set HSTS configuration :)
> If you still want some http request on your web server, disable your
> HSTS directive. (see Daniel's statement in the previous email).

1. HSTS is enabled only on domain name www.example.com;
   on domain name example.com - no HSTS, no https and no redirects.

2. Disabling HSTS is a bad idea. HSTS should be enabled on https servers.

3. Please do not top post. Thank you.

HSTS is a good thing and should not be disabled.

If you need http only for some URIs, it is better to create a separate
server, on a different server_name, which works only on http,
and leave the https server for all the remaining https URIs.

For example:

    server {
        listen 443 ssl;
        server_name www.example.com;

        # HSTS (15768000 seconds = 6 months)
        add_header Strict-Transport-Security max-age=15768000;

        ... # HTTPS-only
    }

    server {
        listen 80;
        server_name www.example.com;

        location / {
            return 301 https://www.example.com$request_uri;
        }
    }

    server {
        listen 80;
        server_name example.com;

        location / {
            return 301 https://www.example.com$request_uri;
        }

        location = /mobile/PayOnlyResult.do {
            ... # HTTP-only
        }

        location = /kor/tel.do {
            ... # HTTP-only
        }
    }

www.example.com - HTTPS-only, example.com - HTTP-only.

--
Best regards,
Gena

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
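
Why the host split in the message above works, as an added example that is not part of the original post: a simplified model of a browser's HSTS store following RFC 6797. The header in the configuration carries no includeSubDomains, so only www.example.com is pinned to HTTPS and example.com stays reachable over plain HTTP; the class and function names are hypothetical.

```python
# Added illustration: simplified model of a browser's HSTS store (RFC 6797).
# HstsStore, parse_sts and demo are hypothetical names, not nginx or browser APIs.
import time

def parse_sts(value):
    """Parse a Strict-Transport-Security value -> (max_age, include_subdomains) or None."""
    max_age, include_sub = None, False
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name = name.strip().lower()            # directive names are case-insensitive
        if name == "max-age":
            arg = arg.strip().strip('"')       # value may be a quoted-string
            if not (arg.isascii() and arg.isdigit()):
                return None                    # malformed header is ignored
            max_age = int(arg)
        elif name == "includesubdomains":
            include_sub = True
    return None if max_age is None else (max_age, include_sub)  # max-age is required

class HstsStore:
    def __init__(self):
        self.hosts = {}  # exact host -> (expiry timestamp, include_subdomains)

    def note_response(self, scheme, host, sts_value, now=None):
        now = time.time() if now is None else now
        # The header is only honoured when received over a secure transport.
        policy = parse_sts(sts_value) if scheme == "https" else None
        if policy is None:
            return
        max_age, include_sub = policy
        if max_age == 0:
            self.hosts.pop(host.lower(), None)  # max-age=0 deletes the entry
        else:
            self.hosts[host.lower()] = (now + max_age, include_sub)

    def must_upgrade(self, host, now=None):
        now = time.time() if now is None else now
        labels = host.lower().split(".")
        for i in range(len(labels)):            # i == 0: the host itself, i > 0: a parent
            entry = self.hosts.get(".".join(labels[i:]))
            if entry and entry[0] > now and (i == 0 or entry[1]):
                return True
        return False

def demo():
    store = HstsStore()
    # Header exactly as in the configuration above, seen on the HTTPS-only host.
    store.note_response("https", "www.example.com", "max-age=15768000", now=0)
    hosts = ("www.example.com", "example.com", "m.www.example.com")
    return {h: store.must_upgrade(h, now=1) for h in hosts}
```

Adding includeSubDomains to a policy served from example.com itself would change the result for every host beneath it, which is why the HTTP-only locations live on a host that never sends the header.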