HTTPS for statistics page

[TeLiXj]

The statistics page only can be acceded using HTTP and I don't know why Firefox or Edge redirect to HTTPS version. Only using the infamous Internet Explorer can see this page.

It's possible to enable HTTPS access or change anything to prevent the redirection on modern browsers?

Thanks

[pandabadger]

'I don't know why Firefox or Edge redirect to HTTPS version' - have you set a Strict-Transport-Security / HSTS header elsewhere for your domain?

For https easiest is to use Nginx.

[TeLiXj]

No, as I know... I have an Apache for others domains in the same machine but if I stop the service the problem persists. How to redirect to HTTPS using Nginx?

[pandabadger]

It could have been set somewhere in your frontend. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security typically it is set with a long expiration time. Worth disabling in your browser to rule this out.

For https with Nginx there are generic guides to setup as a reverse proxy. It's not quite an on/off config, and only really worth it if you also want to add https announce.

[TeLiXj]

The problem isn't related with Strict Transport Security, I tried to disable and the problem continue with the same code SSL_ERROR_RX_RECORD_TOO_LONG in Firefox and ERR_SSL_PROTOCOL_ERROR in Edge.

I don't have any special interest on HTTPS, I only want to see the statistics page :)

Can you view this page on your systems with a modern browser?

[pandabadger]

I could, yes. Do you have a public URL you can share?

[TeLiXj]

I will edit the message to remove the URL after you use it [removed]

[pandabadger]

I see your domain is added to the preload list, and also applied to subdomains: https://hstspreload.org/?domain= In firefox, about:config, then search for network.stricttransportsecurity.preloadlist, set to false and it works.

[TeLiXj]

It works!!!! Thanks a lot!!! But idk who submit my website there because 2 of my 17 subdomains don't have HTTPS and the third requirement is just this.