We have the following secure site. If the user opens http://name.tld, he should be redirected to https://name.tld. We initially messed up the order of the domains in the secure site, so http://name.tld got redirected to https://sub.name.tld instead of http://name.tld.
We changed the order of the server names, but all the browsers have that redirection cached. If I disable the cache in chrome manually, it works. But any other would need to do the same.
How can we force all browsers to clear their redirect cache (preferred) or disable tell them to not cache the redirect? Is there a header we can send?
This is our site:
server { listen 80; server_name name.tld sub.name.tld localhost sub.localhost; return 301 https://$server_name$request_uri; } server { listen 443 ssl; server_name name.tld sub.name.tld localhost sub.localhost; ssl_certificate /etc/ssl/certs/fullchain.pem; ssl_certificate_key /etc/ssl/private/privkey.pem; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers HIGH:!aNULL:!MD5; # required for large JSON files client_max_body_size 50m; #charset koi8-r; #access_log /var/log/nginx/log/host.access.log main; location / { root /usr/share/nginx/html/name.tld; index index.html index.htm; } location /api { proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_pass http://our-api:5000/api; } error_page 500 502 503 504 /50x.html; location = /50x.html { root /usr/share/nginx/html; } } Edit: The actual connected issue with the redirect is CORS. Requests to the API fail because the requests would be made from a different domain.
