Nginx redirection to https conflicts with subdomains

[dolanor]

Hello, I have a yunohost configured on my server (in a LXC). I also have a deis installed (in a vagrant). All the default port for yunohost are forwarded from my main host to the yunohost LXC (ports 80, 443, 25, imap, pop, etc). To access my deis, I need a port 80 connection. Therefore, I configured a subdomain block for deis dev.domain.com that proxy everything going from *.dev.domain.com to deis vagrant IP.

My problem is :

• I go to http://myapp.dev.domain.com with a new browser profile.
• I access the app perfectly
• With the same browser profile, I go to http://domain.com
• It gets redirected to https://domain.com/yunohost/sso
• I try to go to my deis app on http://myapp.dev.domain.com with the same browser profile
• It get redirected to https://myapp.dev.domain.com and fails since no server blocks listen for that

I tried to fix it, but I don't know really what to do since the server blocks seem right. I think it must be the SSOWat that makes a permanent 301 redirect https://github.com/YunoHost/packages/blob/master/yunohost-config-nginx/config/template.conf#L6

My current workaround is to check my deis app by going on a temporary profile on chromium. But it is very annoying.

[dolanor]

I found the problem. In fact it wasn't SSOwat the culprit, but the nginx configuration with the HSTS. The includeSubdomain forces any subdomain to connect to https directly. Without even connecting to http first and be redirected instead.

I will try to make deis work with https because of the cookie stealing issue from a subdomain. If I can't, I will simply remove the includeSubdomains.