How can I prevent my server from redirecting to HTTPS when using my domain name?

August 27, 2019 288 views
Node.js DNS Initial Server Setup Networking Security Ubuntu 18.04

I’m having an issue with my server application where all of my HTTP requests are being redirected to HTTPS, even though I have not set anything up to do so, but only when accessing the server via my domain name, not directly via the server IP address.

To eliminate my application as the source of the issue, I’ve rebuilt my droplet with a fresh Ubuntu 18.04.3 image, installed nothing but NodeJS + NPM, and tried running the sample express (which my application is based on) “Hello World” application here:

https://expressjs.com/en/starter/hello-world.html

When I direct my browser to http://<server_IP>:3000, the application returns a “Hello World!” page as expected. However, when navigating to http://<mydomain>.com:3000, my browser gets redirected to https://<mydomain>.com:3000, resulting in an “Secure Connection Failed” error (as I have not set anything up to handle HTTPS).

My DNS appears to be set up properly, as I can ping the server just fine using the domain name, nslookup indicates it is pointing to the correct IP address, and I’m able to connect over SSH just fine using the domain name. My domain is registered with namecheap in case that matters. I also have not set up any sort of firewall.

Can anyone help me figure out what’s going on here?

2 Answers

Hello,

It is most likely your browsers cache. To test that you could run the following command from your terminal:

curl -IL yourdomain.com

This would give you the headers and you will be able to see if your domain name is actually being redirected to https. It would look something like this:

curl -IL yourdomain.com
HTTP/1.1 301 Moved Permanently
Date: Thu, 29 Aug 2019 04:50:23 GMT
Server: Apache/2.4.38 (Ubuntu)
Location: https://yourdomain.com/
Content-Type: text/html; charset=iso-8859-1

HTTP/2 200 
date: Thu, 29 Aug 2019 04:50:23 GMT
server: Apache/2.4.38 (Ubuntu)
cache-control: no-cache, private

If you don’t see the 301, then it is definitely your browser.

On the other side, nowadays it is more or less a must to have a secure connection, so I would strongly recommend implementing something like Nginx to proxy your connections to your Node app and also do the SSL termination for you. You could take a look at this guide here on how to do that:

https://www.digitalocean.com/community/tutorials/how-to-set-up-a-node-js-application-for-production-on-ubuntu-16-04

Hope that this helps!
Regards,
Bobby

by Brennen Bearnes
Node.js is an open source JavaScript runtime environment for easily building server-side and networking applications. Node.js applications can be run at the command line but this guide focuses on running them as a service using PM2, so that they will automatically restart on reboot or failure, and can safely be used in a production environment.

Hi Bobby,

You were spot on that it was my browser. Fetching a page through curl works just fine, but for some reason Firefox continues switching to https even after clearing the cache…

I was trying to get everything working over regular HTTP before setting up SSL, but it looks like it will be easier to just set up SSL from the beginning.

Thanks so much for the help!

Have another answer? Share your knowledge.