That’s peculiar. I can reproduce in Firefox. It used to have a letsencrypt.org certificate, until we started using Fastly, as per the official recommendations. The instructions followed were these. Given the “Force HTTPS” option, I never considered this. The website got all A+ scores on Qualys’.
I thought the redirection to be provided out of the box, would it be required to configure the web.ssl.template.yml
to do this properly?
I set up a request setting to force TLS, as per this guide.
Then:
$ curl -I -L "http://community.chakralinux.org"
HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html; charset=utf-8
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Discourse-Route: categories/index
Cache-Control: no-store, must-revalidate, no-cache, private
X-Request-Id: 8711a2e1-8f03-43e2-b591-3f210d9136da
X-Runtime: 0.200937
X-Discourse-TrackView: 1
Referrer-Policy: no-referrer-when-downgrade
Strict-Transport-Security: max-age=31536000
Transfer-Encoding: chunked
Accept-Ranges: bytes
Date: Fri, 21 Jul 2017 13:05:06 GMT
Via: 1.1 varnish
Age: 0
Connection: keep-alive
X-Served-By: cache-bma7022-BMA
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1500642307.597531,VS0,VE236
Vary: Accept-Encoding
Now:
$ curl -I -L "http://community.chakralinux.org"
HTTP/1.1 301 Moved Permanently
Server: Varnish
Retry-After: 0
Location: https://community.chakralinux.org/
Content-Length: 0
Accept-Ranges: bytes
Date: Fri, 21 Jul 2017 13:46:13 GMT
Via: 1.1 varnish
Connection: close
X-Served-By: cache-bma7022-BMA
X-Cache: HIT
X-Cache-Hits: 0
X-Timer: S1500644774.956754,VS0,VE2
HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html; charset=utf-8
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Discourse-Route: categories/index
Cache-Control: no-store, must-revalidate, no-cache, private
X-Request-Id: fb53fb0c-936e-459e-8154-b8ca0176db35
X-Runtime: 0.222025
X-Discourse-TrackView: 1
Referrer-Policy: no-referrer-when-downgrade
Strict-Transport-Security: max-age=31536000
Transfer-Encoding: chunked
Accept-Ranges: bytes
Date: Fri, 21 Jul 2017 13:46:14 GMT
Via: 1.1 varnish
Age: 0
Connection: keep-alive
X-Served-By: cache-bma7022-BMA
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1500644774.126033,VS0,VE256
Vary: Accept-Encoding