How to prevent http auto-redirect to https?

Asked

Viewed 872 times

5

My web development container uses the image php:7.1-apache. To make it easier to memorize the address of the applications contained in this container, I like to edit my machine’s Hosts file and make the note this way:

127.0.0.1   site.dev

However, recently I have had difficulties with this approach, it seems that browsers have recently forced HTTPS, that is, I am redirected and consequently I fall into an error page of the browser itself since SSL is not configured in the apache server that runs in the container.

Any solution for this, other than setting up SSL?

The host system that runs the container is a Mac OS (last stable version)

Follow the data to assemble the container:

Docker-Compose.yaml

version: "3.3"
services:
  mysql:
    container_name: mysql
    image: mysql:5.7
    environment:
      MYSQL_ROOT_PASSWORD: senha_root
      MYSQL_DATABASE: banco
      MYSQL_USER: root
      MYSQL_PASSWORD: senha_user
    command: ['--character-set-server=utf8mb4', '--collation-server=utf8mb4_unicode_ci']
    volumes:
      - ./mysql/tmp:/var/lib/mysql
    restart: on-failure
    ports:
      - 3306:3306

  web:
    container_name: web
    image: web_dev
    build:
      context: .
      dockerfile: Dockerfile-web
    volumes:
      - ./projetos/:/var/www
      - ./apache/:/etc/apache2/sites-enabled/
    working_dir: /var/www
    depends_on:
      - mysql
    links:
      - mysql
    restart: on-failure #always
    ports:
      - 80:80
      - 3000:3000
      - 3001:3001

Dockerfile

FROM php:7.1-apache

MAINTAINER Fabio J L Ferreira <[email protected]>

RUN apt-get update; \
    a2enmod rewrite; \
    apt-get install -y curl unzip git npm libpng-dev; \
    curl -sL https://deb.nodesource.com/setup_8.x | bash -; \
    apt-get install -y nodejs; \
    echo "America/Sao_Paulo" > /etc/timezone; \
    curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin/ --filename=composer

# Install PHP "gd" extension
# RUN apt-get install -y libjpeg-dev libpng12-dev
# RUN docker-php-ext-configure gd --with-jpeg-dir=/usr/include/ && docker-php-ext-install gd

# Instala a extensão PHP "exif" => http://php.net/manual/en/intro.exif.php
# RUN apt-get install -y libexif-dev && RUN docker-php-ext-install exif

# Extensão "mysqi" e algumas "PDO" => http://php.net/manual/en/book.pdo.php
RUN apt-get install -y libpq-dev; \
    docker-php-ext-configure pgsql -with-pgsql=/usr/local/pgsql; \
    docker-php-ext-install mysqli pdo_mysql pgsql pdo_pgsql

RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/*

COPY php/php.ini /usr/local/etc/php/

2 answers

8


According to the https://ma.ttias.be/chrome-force-dev-domains-https-via-preloaded-hsts/ and the https://chromium-review.googlesource.com/c/chromium/src/+/669923

Since Chrome 63 (December 2017), will force all domains ending in .dev (and .foo) be redirected to HTTPS pre-loaded with the HTTP Strict Transport Security (HSTS) header, which will allow you to use the domain *.dev for development (now I believe to be *.test the used).

There is also the proposal to use *.localhost to always point to the 127.0.0.1 as default in https://tools.ietf.org/html/draft-west-let-localhost-be-localhost-06

Note: the AP confirmed that the domain *.local worked for his case by changing the hosts to

127.0.0.1 site.local

I will be editing the answer with more details about these domains . dev, . local, . foo

  • 1

    @Bacco yes in the link I posted says the same as you even, it was my mistake, but you know how it is zillions of people can teach and do wrong that it’s okay :) (sorry man, there is something that is sincerely difficult -.-) ... ps: I promise to review and correct the answer :)

4

This will depend on the browser in use.

Apparently Chrome is the only one that allows you to use a localhost without SSL via the following flag:

chrome://flags/#allow-insecure-localhost
  • The tip is great! + 1 ... There is only one problem, it is accessing, after configuring the hosts, the address site.dev, probably an example, I suppose it is the address of the site in production that when accessed on the machine directly will be seen the location. But I’ll wait for the AP to make sure :)

  • 1

    Like @Guilhermenascimentop. explained, I created an example address on hosts, ie call site.dev (example) and this redirects me to 127.0.0.1 with this parameter in the request, when the server captures the request knows that should load the virtualhosts site.dev (in other words, I need to do this but without being redirected from http to https, I always got this behavior, however, I recently went back to developing and noticed that there is a redirect that I did not configure)

  • Fabio - I understand (thanks for clarifying @Guilhermenascimentop.) - I think in this case unfortunately a certificate, even self-signed, will be necessary. =/

  • For what reason does this occur, is the address 127.0.0.1 being called under the table? Because it wouldn’t make sense to say that the browser is forcing https (just for that matter) because I access http pages in real domains without any problem.

  • 1

    Ono and @Fábiojânio I couldn’t test or read all about it but I think this might help https://ma.ttias.be/chrome-force-dev-domains-https-via-preloaded-hsts/ (if it is . dev or . foo)

  • 2

    Thank you @Guilhermenascimentop. I solved the problem. After reading the content contained in the link you indicated, I changed the addresses from *.dev to *.local and succeeded.

  • 1

    Excellent news! @Guilhermenascimentop. post as an answer so Fabio can accept. =)

  • @Onosendai I will do ;) is that I really was out of time, thank you

Show 3 more comments

Browser other questions tagged

You are not signed in. Login or sign up in order to post.