• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

From HTTPS to HTTP - Disabling SSL

Puntocom

Well-known member
#3
I changed the listen parameter to 80 and I added this extra block for the nginx configuration:
Code:
# HTTPS server
#
server {
  listen  443 ssl;
  server_name  example.com;
  return 301 http://example.com$request_uri;

  ssl  on;
  ssl_certificate  /etc/ssl/example.crt;
  ssl_certificate_key  /etc/ssl/private/example.key;
  ssl_session_timeout  5m;
  ssl_session_cache  shared:SSL:1m;
  ssl_ciphers  HIGH:!aNULL:!MD5:!RC4;
  ssl_prefer_server_ciphers  on;
}
Then restart the nginx server.
 

MattW

Well-known member
#7
Yes, and as @Mouth has indicated, if you are using STS, make sure you set that to 0 a few days prior to the switch back. I had issues with Cloudflare caching that value, and not being able to get around it.

I personally removed SSL due to the hit in my adsense revenue.
 

Tracy Perry

Well-known member
#8
I personally removed SSL due to the hit in my adsense revenue.
I guess that would be important if one actually had revenue coming in on it. :D

That's the biggest issue I have heard with it, but last I read, I thought they were pushing more ad content via SSL now?
 

Mouth

Well-known member
#11
No Need.
For Nginx:
But if a user/visitor hasn't come to your site since the previous max-age and you drop https, then their browser will fail to connect to http and that user will either have to research how to remove the site STS restriction from their browser or wait until the timeout before they can connect to your site again.
 

RoldanLT

Well-known member
#12

MattW

Well-known member
#15
I would suggest more, at least as long as the STS timeout is for.
A lot of people set this to 365 days :-s

I only really had an issue with Cloudflare and this value. They kept forcing people to https, and as soon as I moved DNS away from them, everything worked as expected on http
 

Mouth

Well-known member
#16
A lot of people set this to 365 days :-s
Yes, so if you have HTTPS active with STS of 365 days and then decided to remove HTTPS and just have HTTP, then you should ensure that you keep HTTPS active, with an STS max-age of zero, and redirecting to HTTP for up to 365 days. Otherwise, if you stop HTTPS after, say, 30 days then any browser/user that last visted your site 30+ days ago will not have picked-up the new STS setting and will refuse to connect to your HTTP site.
They'll have to know how to go into their browser advanced settings and remove the STS to enable them to connect to your HTTP site, or wait up to 11 months until they can connect!
 

HWS

Well-known member
#17
It is always a pain to switch from HTTPS to HTTP. We also had to do it because of Adsense and other ad network problems.

Time is not ready for full SSL with ad monetized forums, think twice if you plan to switch!

Beside of having the proper redirect HTTPS > HTTP in place for a very long time (even forever if there are external links to your forum you care about) you also have to renew the SSL certificate each year even if you no longer use HTTPS, because the redirects will not work if the cert is invalid.
 
#18
There are more ads available for regular http connections and https slows down the site a little.

--

@Mike @Chris D

I talked to my host about disabling ssl and they said that it is done vie my software (xenforo), how can I do this?

I currently have CPanel redirecting to an https page which is my main forum page.
 

Brogan

XenForo moderator
Staff member
#19
XF doesn't control whether your site is loaded over HTTPS or not.

The only thing you have to do in XF if switching back to HTTP is to update the Board URL.

You will also need to remove any rules you added to the .htaccess file when you implemented HTTPS.
 

WSWD

Well-known member
#20
There are more ads available for regular http connections and https slows down the site a little.

--
Very true with the ads. The additional load time is negligible on any decent server these days. You're talking on the magnitude of a few milliseconds at most.