Browser forces HTTPS on HTTP site

[apacheguy]

I have a personal website that runs on port 80 and a web mail server that runs on 443 on the same domain. I like to access my personal website in the Tesla browser to display useful information from a dashboard. Since a couple firmware versions back, I can no longer access the HTTP site; the Tesla browser invariably redirects me to my web mail login at port 443. Even explicitly typing “http://“ the browser overrides that and makes it “https://“. This is insanely stupid. How am I supposed to access my personal site?

 

[Supcom]

I have a personal website that runs on port 80 and a web mail server that runs on 443 on the same domain. I like to access my personal website in the Tesla browser to display useful information from a dashboard. Since a couple firmware versions back, I can no longer access the HTTP site; the Tesla browser invariably redirects me to my web mail login at port 443. Even explicitly typing “http://“ the browser overrides that and makes it “https://“. This is insanely stupid. How am I supposed to access my personal site?

Secure your web server connection?

 

[MichaelMuni]

did you explicitly type the port? http://mywebsiteis.notsecured:80

most browsers now default to https and fall back to 80 if there is no response on 443. securing a site can now be done for free and browsers are pushing for HTTPS. Google even down ranks non https sites now.


best option would be to setup a reverse proxy and subdomain.
Example:
https:\\mysite.com (IP: 10.10.10.1)
https:\\mail.mysite.com (IP: 10.10.10.1)

Both sites point to the same IP however with the reverse proxy you can make incoming traffic to mysite.com:443 route internally to :443
incoming traffic to mail.mysite.com:443 can then be routed internally to a different port like :4443

all incoming traffic comes in via 443 and gets routed to the correct port internally depending on the domain/subdomain that is being requested.

 

[luckyj]

Or if the content is all on the same server, just configure virtualhosts that point to the correct root folders (Apache terminology).

 

[bpjones]

I have a personal website that runs on port 80 and a web mail server that runs on 443 on the same domain. I like to access my personal website in the Tesla browser to display useful information from a dashboard. Since a couple firmware versions back, I can no longer access the HTTP site; the Tesla browser invariably redirects me to my web mail login at port 443. Even explicitly typing “http://“ the browser overrides that and makes it “https://“. This is insanely stupid. How am I supposed to access my personal site?

the configuration you’ve chosen for your setup is nonstandard and will continue to be problematic. YoI probably won’t like this advice, but your best bet would be to change your we server config. Run your site on 80 and SSL on 443. Move your email to another port altogether.

 

[GtiMart]

Most sites have dropped http and only support https now, TLS mandates have come to push everyone to a recent standard. Security has become critical, all network infrastructure has been forced to adapt. It's normal that browsers default to https because all sites us it. Instead of trying http, receiving an error and then moving to https like before, doing two round-trips (more traffic) and being delayed, they start with what should be right.
The browser is trying to protect you, and the car. Upgrade your server.

EDIT: Don't presume that most people understand what they do when they type a url. They probably type http://, if they type the prefix, even though they mean https... Heck, they don't understand the difference.

 

[apacheguy]

the configuration you’ve chosen for your setup is nonstandard and will continue to be problematic. YoI probably won’t like this advice, but your best bet would be to change your we server config. Run your site on 80 and SSL on 443. Move your email to another port altogether.

Mail server requires port 443 for Exchange Active Sync to work.

Solution was to run a secondary virtual host on port 8443.

 

[apacheguy]

Most sites have dropped http and only support https now, TLS mandates have come to push everyone to a recent standard. Security has become critical, all network infrastructure has been forced to adapt. It's normal that browsers default to https because all sites us it. Instead of trying http, receiving an error and then moving to https like before, doing two round-trips (more traffic) and being delayed, they start with what should be right.
The browser is trying to protect you, and the car. Upgrade your server.

EDIT: Don't presume that most people understand what they do when they type a url. They probably type http://, if they type the prefix, even though they mean https... Heck, they don't understand the difference.

There is absolutely no reason to use encryption unless you are passing sensitive information. It’s crazy to think there is no need for good old HTTP.

 

[MichaelMuni]

There is absolutely no reason to use encryption unless you are passing sensitive information. It’s crazy to think there is no need for good old HTTP.

I would say your post qualifies as a good reason... modern browsers expect HTTPS. The days of HTTPS being a hit on CPU, speed, and costs are gone. There is no good reason to make your communications visible to all.

 

[ucmndd]

There is absolutely no reason to use encryption unless you are passing sensitive information. It’s crazy to think there is no need for good old HTTP.

2007 called and wants its argument back. Let’s not be nostalgic about deprecated cleartext protocols.

I mean, except for telnet. We can be nostalgic about telnet.

^]
:wq

 

[thesmokingman]

There is absolutely no reason to use encryption unless you are passing sensitive information. It’s crazy to think there is no need for good old HTTP.

Dude its not circa 2000 anymore.