From HTTPS to HTTP - Disabling SSL
- Thread starter Joe Link
- Start date
WSWD
Well-known member
Why would you?
Puntocom
Well-known member
I changed the listen parameter to 80 and I added this extra block for the nginx configuration:
Then restart the nginx server.
Code:
# HTTPS server
#
server {
listen 443 ssl;
server_name example.com;
return 301 http://example.com$request_uri;
ssl on;
ssl_certificate /etc/ssl/example.crt;
ssl_certificate_key /etc/ssl/private/example.key;
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:1m;
ssl_ciphers HIGH:!aNULL:!MD5:!RC4;
ssl_prefer_server_ciphers on;
}
.
Mouth
Well-known member
If you had STS active, make sure you deal with that before removing SSL
TPerry
Well-known member
I guess that would be important if one actually had revenue coming in on it.
That's the biggest issue I have heard with it, but last I read, I thought they were pushing more ad content via SSL now?
Mouth
Well-known member
I would suggest more, at least as long as the STS timeout is for.
Mouth
Well-known member
But if a user/visitor hasn't come to your site since the previous max-age and you drop https, then their browser will fail to connect to http and that user will either have to research how to remove the site STS restriction from their browser or wait until the timeout before they can connect to your site again.
Mouth
Well-known member
Nevermind, you're not seeing the workflow and problem.
MattW
Well-known member
A lot of people set this to 365 days :-s
I only really had an issue with Cloudflare and this value. They kept forcing people to https, and as soon as I moved DNS away from them, everything worked as expected on http
Mouth
Well-known member
Yes, so if you have HTTPS active with STS of 365 days and then decided to remove HTTPS and just have HTTP, then you should ensure that you keep HTTPS active, with an STS max-age of zero, and redirecting to HTTP for up to 365 days. Otherwise, if you stop HTTPS after, say, 30 days then any browser/user that last visted your site 30+ days ago will not have picked-up the new STS setting and will refuse to connect to your HTTP site.
They'll have to know how to go into their browser advanced settings and remove the STS to enable them to connect to your HTTP site, or wait up to 11 months until they can connect!
It is always a pain to switch from HTTPS to HTTP. We also had to do it because of Adsense and other ad network problems.
Time is not ready for full SSL with ad monetized forums, think twice if you plan to switch!
Beside of having the proper redirect HTTPS > HTTP in place for a very long time (even forever if there are external links to your forum you care about) you also have to renew the SSL certificate each year even if you no longer use HTTPS, because the redirects will not work if the cert is invalid.
Time is not ready for full SSL with ad monetized forums, think twice if you plan to switch!
Beside of having the proper redirect HTTPS > HTTP in place for a very long time (even forever if there are external links to your forum you care about) you also have to renew the SSL certificate each year even if you no longer use HTTPS, because the redirects will not work if the cert is invalid.
Webby
Member
There are more ads available for regular http connections and https slows down the site a little.
--
@Mike @Chris D
I talked to my host about disabling ssl and they said that it is done vie my software (xenforo), how can I do this?
I currently have CPanel redirecting to an https page which is my main forum page.
WSWD
Well-known member
Very true with the ads. The additional load time is negligible on any decent server these days. You're talking on the magnitude of a few milliseconds at most.
Similar threads
- Solved
- Question
- Solved
