Can I rewrite https to http?

Hi all,
I had an nginx as a reserve proxy, with many web sites behind. And the
nginx listen in 443(https) and 80(http).

But not all my sites behind support https, so in some sites ,I only listen
80, like this:

*    server {      listen 80;      listen [::]:80;      server_name
 nossl.abc.com <http://nossl.abc.com/>;      location / {
proxy_pass_header Server;        proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;        proxy_set_header X-Scheme
$scheme;        proxy_pass http://nossl <http://nossl/>;       }    }*

And I got a problem here, when I using http://nossl.abc.com, it works fine.
But some browser( like edge in a newly installed Windows 11), it will auto
redirect to the https site(https://nossl.abc.com), then we got a default
site of my nginx instead of nossl.abc.com

So, can I redirect the request, when user open https://nossl.abc.com, the
will be redirect to http://nossl.abc.com?

Thanks.

-- 
from:baalchina
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20230814/2484262f/attachment.htm>

Hi there,

Hmm. I imagine this will be tricky to not run into infinite loops, if 
it's the behaviour of the browser to redirect a HTTP page to a HTTPS one.

Wouldn't it just be easier to serve your site over HTTPS? Because in 
order to handle a redirect you'll need a valid TLS certificate anyway...

Jore

On 14/8/23 11:56 pm, baalchina wrote:
> Hi all,
> I had an nginx as a reserve proxy, with many web sites behind. And the 
> nginx listen in 443(https) and 80(http).
>
> But not all my sites behind support https, so in some sites ,I only 
> listen 80, like this:
> /    server {
>       listen 80;
>       listen [::]:80;
>       server_name nossl.abc.com <http://nossl.abc.com/>;
>       location / {
>         proxy_pass_header Server;
>         proxy_set_header Host $http_host;
>         proxy_set_header X-Real-IP $remote_addr;
>         proxy_set_header X-Scheme $scheme;
>         proxy_pass http://nossl;
>        }
>     }/
>
> And I got a problem here, when I using http://nossl.abc.com, it works 
> fine. But some browser( like edge in a newly installed Windows 11), it 
> will auto redirect to the https site(https://nossl.abc.com), then we 
> got a default site of my nginx instead of nossl.abc.com 
> <http://nossl.abc.com/>
>
> So, can I redirect the request, when user open https://nossl.abc.com, 
> the will be redirect to http://nossl.abc.com?
>
> Thanks.
>
> -- 
> from:baalchina
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> https://mailman.nginx.org/mailman/listinfo/nginx
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20230815/dda9a43d/attachment.htm>

* baalchina at gmail.com:

> So, can I redirect the request, when user open https://nossl.abc.com, the
> will be redirect to http://nossl.abc.com?

While technically possible, you might find that connecting clients may
interpret this as a "downgrade attack", because the client asked for an
encrypted connection. Obtaining a certificate from Let's Encryt or
similar seems a more suitable approach to me.

-Ralph