skylenet
commented
5 years ago I think that I would prefer to not have this one as a default.
You can still add that field to your individual deployments if you want to.
I think that most of our TLS issues right now are due to the fact that we're always requesting certificates from LetsEncrypt via an ACME challenge. This takes some time until the certificates are in place, and until there, you basically are getting an invalid certificate for that hostname.
This kind of problems should be solved once we start using a default wildcard certificate.
We have HSTS headers on the website, but I'd rather we don't enforce SSL on nginx level, so that we simplify testing of Swarm.