Answer the question
In order to leave comments, you need to log in
Y
Y
Yuri2019-02-18 22:25:36
Yuri, 2019-02-18 22:25:36
How to disable HSTS on a subdomain in nginx?
Good day.
There is a domain with a certificate, its config is as follows:
server {
listen 80;
server_name domain.ru;
return 301 https://domain.ru$request_uri;
}
server {
listen 80;
server_name www.domain.ru;
return 301 https://domain.ru$request_uri;
}
server {
listen 443;
server_name www.domain.ru;
return 301 $scheme://domain.ru$request_uri;
}
server {
server_name domain.ru;
charset UTF-8;
index index.html;
disable_symlinks if_not_owner from=$root_path;
passenger_enabled on;
rails_env production;
include /etc/nginx/vhosts-includes/*.conf;
include /etc/nginx/vhosts-resources/domain.ru/*.conf;
access_log /var/www/httpd-logs/domain.ru.access.log;
error_log /var/www/httpd-logs/domain.ru.error.log notice;
set $root_path /var/www/domain/data/www/domain.ru/current/public;
root $root_path;
listen 129.221.92.220:443 ssl default_server;
gzip on;
gzip_comp_level 7;
gzip_disable "msie6";
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
}
location ^~ /assets/ {
gzip_static on;
expires max;
add_header Cache-Control public;
}
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 5m;
ssl_prefer_server_ciphers on;
ssl_stapling on;
ssl on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "HIGH:!RC4:!aNULL:!MD5:!kEDH";
ssl_certificate /var/www/domain/data/www/domain.ru/ssl/domain.ru.chain.crt;
ssl_certificate_key /var/www/domain/data/www/domain.ru/ssl/private.key;
add_header Strict-Transport-Security "max-age=31536000;";
}And there is a subdomain with the following config:
server {
listen 129.221.92.220:443 ssl;
server_name sub.domain.ru;
return 301 http://sub.domain.ru$request_uri;
}
server {
server_name sub.domain.ru;
listen 129.221.92.220:80;
listen [2x06:7k3:133:85a::2]:80;
charset UTF-8;
index index.html;
disable_symlinks if_not_owner from=$root_path;
passenger_enabled on;
rails_env production;
include /etc/nginx/vhosts-includes/*.conf;
include /etc/nginx/vhosts-resources/sub.domain.ru/*.conf;
access_log /var/www/httpd-logs/sub.domain.ru.access.log;
error_log /var/www/httpd-logs/sub.domain.ru.error.log notice;
set $root_path /var/www/domain_sub/data/www/sub.domain.ru/current/public;
root $root_path;
gzip on;
gzip_comp_level 3;
gzip_disable "msie6";
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript;
location / {
}
location ^~ /assets/ {
gzip_static on;
expires max;
add_header Cache-Control public;
}
ssl off;
add_header Strict-Transport-Security "max-age=0;";
}How to disable redirect to https for subdomain?
If you go directly to the subdomain - it opens normally. If you open the main site in a new tab, and then try to go to a subdomain, it redirects to https and, accordingly, an error occurs that the HSTS mechanism is used and the site cannot be opened.
Similar questions
U
R
M
M
Y
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question