Yes, ambiguous, title is, but true.
After searching everywhere and reading multiple posts on this forum, I found a solution for others like me.
I have a secure.example.com domain pointing to a container where nginx is serving 2 things:
nodejs for a very basic terms and conditions page (can’t be static in this case) and
a more complex website.
While the second must be https, I couldn’t add nodejs server unto it without breaking everything, or even tweak the static pages easily (compiled), and since terms and conditions is not sensible, it could on http.
BUT, Cloudflare “Full” SSL setup redirect http to https. And I want to keep it.
And “None” only see http, ignores the server on 443.
So you can’t have both …
You can’t have both … on the same subdomain!
The trick is to use 2 subdomains for each port (80 and 443).
Now I’ve set up one subdomain for https (the main one) and another subdomain, entered as a A record for the http.
Now, if a client enters http for the secure subdomain, it will redirect it to https, while
Why? What’s the difference?
Since the second A record points to a subdomain without a SSL certificate, Cloudflare simply accept to server the http “version”, which is a totally different website from the https, but both are served with the same nginx server in the same docker container.
Don’t forget to clear cookie and cache (Cloudflare, Browser) to see it, sometimes redirect is done by the browser too.
For the records, here’s nginx default file, might help you:
server {
listen 80;
server_name insecure.example.com;
location / {
proxy_pass http://localhost:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection ‘upgrade’;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
server {
listen 443 ssl;
server_name secure.example.com;
include ssl.conf;
include secureserver.conf;
}
Of course, you could also isolate the http nodejs server as another container too, one port on each.