On 4/20/2016 12:56 PM, PiBa-NL wrote: > Op 20-4-2016 om 20:45 schreef Shawn Heisey: >> The problem is that if I try to go tohttp://spark.REDACTED.com:8080/ >> ... this is redirected tohttps://spark.REDACTED.com:8080/ ... and I get >> this in the log: > Are you using HSTS on that domain name? > Can you check the networking tab of firebug/chrome what reply it gets on > the first http request? I think the browser might not even send that > http request to start with if it knows about a hsts header previously > received..
This fits. Thank you for uncovering the mystery! I *am* having haproxy include a strict host security header on responses from the spark app. So I guess my browser is "helping" me. I will add a "stats uri" line to the https frontend for the spark app with a custom URL path that we will never mention outside the company. It will be accessible from the Internet, but as long as nobody ever knows what the URL path is, that should be OK. I can always ACL it if that becomes a problem. Thanks, Shawn
