On 9 Jan 2017, at 20:22, Harald Welte laforge@gnumonks.org wrote:
Dear all,
Hi!
There probably was never any intention to have planet.osmocom.org be reachable via https, at least not consciously and not by me. It is probably simply an artefact of some other https service running on the same IP address, completely unrelated.
my apologies for temporarily adding HSTS without fully understanding the consequences. Time will solve it (and make browsers expire it but I don't remember the max-age that I used)
An alternative solution might be a reverse proxy, with a https-proxy at the osmocom server, which then forwards wia http to the real server (openmoko)?
This might be a neat solution to fix-up the HSTS issue I caused. I would not want to separate the three planes but playing proxy sounds reasonable.
Shall I create a ticket for you updating the DNS to point to the usual CNAME for our Osmocom webservices?
thank you
holger