[Solved] Force HTTP instead of force HTTPS


#1

Hello.

A customer of mine wishes to stop using HTTPS (he has his reasons) after a few months of Let’s Encrypt.

How can I force HTTP to HTTP in EasyEngine?

The idea is to keep the current certificate, and 301 the requests on port 443.

Thanks in advance.


#2

I thought you can just do

ee site update example.com --letsencrypt=off

and then remove listen 443 ... etc. from the server block? Isn’t that enough?

And why do you need to keep requests on port 443? SEO reasons? Otherwise you can just keep:

listen 80 ... and be done.


#3

It’s not enough because there are plenty of links pointing to the HTTPS address. When someone arrives from a link of those there will be an error message.

My customer needs to go back to HTTP because the ad networks he uses don’t support HTTPS yet; instead of displaying an ad their scripts throw a “mixed content” warning.


#4

Anyways, thanks for taking time to think of this issue with me.


#5

I see , so it’s a SEO thingy. Anyway, have you tried:

`server {
    listen 443 ssl spdy2;
    server_name         example.com;
    ssl_certificate     /etc/ssl/certs/example.com.cert;
    ssl_certificate_key /etc/ssl/private/example.com.key;
    return 301 http://$server_name$request_uri;
}`

or … rewrite ^(.*) http://domain.com$1 permanent;

instead of the last line in server block. does it work or not?


#6

The problem is: where does EE stores the LE certificates? It is too esoteric, one cannot just find the configuration and edit the server block accordingly.


#7

Usually at this location:

/etc/letsencrypt/live/example.com/

and config file for a particular site here:

/var/www/example.com/conf/nginx/ssl.conf


#8

Solved it.

If someone needs, the steps I made are below.

  1. Edit /etc/nginx/conf.d/force-ssl-domain.com.conf and comment the entire file (or delete its contents).

  2. Go to /var/www/domain.com/conf/nginx and rename ssl.conf to something else not ending with .conf (I was not too creative and renamed to ssl.janio). It is necessary to avoid automatic including this file in the wrong place.

  3. ee site edit domain.com and create a new server block with just the following: server { include /var/www/domain.com/conf/nginx/ssl.janio; }

  4. Before saving the file add listen 80 in the first (original) server block.

That’s it.


#9

I want to warn you of something, it happend to me before:

If you force a permanent redirection and in the future you want to switch back to https or the contrary, people who have visited the site will have the redirection stored in their browser cache and they will have an endless redirect loop wich will endup in an error page.

I never found the solution to this problem


#10

Thanks for your word of wisdom. :slight_smile:

That’s an issue I discussed (perhaps not that friendly) with my client, and he demanded a 301, not a 302. I wash my hands.


#11

I think there is a way though to put expiry on the 301 so it will not stay in browser cache for longer than x


#12

Would you or someone know how to do this on easyengin nginx?


#13

The general syntax for Nginx’s add_header directive is:

add_header X-my-header my-header-content; 

However, I’m not able to do any testing right now. :frowning: Sorry.


#14

Ok, if you do it please let me know how and where to do it, thanks


#15