0

I'm running an NGINX server on my local development machine, as I want to use a development domain using a proxy pass to reach my NodeJS applications. 

http://localhost:4040 -> http://www.domain.dev
http://localhost:4041 -> http://api.domain.dev

My problem is that when I try to go to www.domain.dev the browser redirects to https://www.domain.dev.

I added the ssl off directive in both the server and http contexts and it's still forcing SSL on me. I do not want to install or deal with SSL this early in development.

I've done this with Apache forever, but I wanted to try and embrace NGINX for its load balancing capabilities.

My NGINX configuration (commented lines omitted)

worker_processes  1;

events {
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;

    sendfile        on;
    keepalive_timeout  65;
    gzip  on;

    server {
        listen          80;
        listen          [::]:80;
        server_name     domain.dev www.domain.dev;
        ssl   off;
        location / {
            proxy_pass          http://127.0.0.1:4040;
            proxy_set_header    X-Forwarded-For $remote_addr;
            proxy_set_header    Host $http_host;
            proxy_http_version  1.1;
        }
    }

    server {
        listen          80;
        listen          [::]:80;
        server_name     api.domain.dev;
        ssl   off;
        location / {
            proxy_pass          http://127.0.0.1:4041;
            proxy_set_header    X-Forwarded-For $remote_addr;
            proxy_set_header    Host $http_host;
            proxy_http_version  1.1;       
        }
    }
}

Thanks!

mwieczorek
  • 111
  • 2
  • 1
    There is nothing about redirecting to SSL in your config. Most probably It is your node.js app doing redirect. – AlexD Apr 20 '18 at 07:17
  • It could be this problem: https://serverfault.com/questions/906339/apache2-virtual-host-auto-redirects-to-https/906383#comment1172572_906383 .dev is owned by Google and automatically redirects to HTTPS in Chrome – Lenniey Apr 20 '18 at 07:53
  • I changed .dev to .foo and it still forces HTTPS in Chrome and Firefox Developer Version. It can't be the Node app, it's just a simple expressjs application with minimal setup. – mwieczorek Apr 20 '18 at 08:04
  • .foo is affected too. Use devel or something else https://ma.ttias.be/chrome-force-dev-domains-https-via-preloaded-hsts/ – Alexey Ten Apr 20 '18 at 08:13
  • Funny. I chose ".foo" at random and it's one of the two that Google does that with. What are the odds? It's working now! – mwieczorek Apr 20 '18 at 09:48

1 Answers1

0

The problem is that Chrome and FF both reserve .dev and .foo domains to automatically redirect to HTTPS.

Change your TLD to something other than those two.

mwieczorek
  • 111
  • 2
  • It's not Chrome and FF that do this. It's the global DNS. Those domains are live on the Internet, so you have been trying to use other people's domain names. – Michael Hampton Apr 20 '18 at 18:26