1

Topic: Can't connect to fresh install, HSTS error

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 0.9.9 OPENLDAP edition.
- Deployed with iRedMail Easy or the downloadable installer? downloadable installer
- Linux/BSD distribution name and version: Debian 9.6
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====


Hi,

I'm trying to install iRedMail 0.9.9 and have a strange problem, probably my fault.
This mail server will only be used for internal email, it will never be exposed to the internet.

The installation runs without problems. The users backend will be OpenLdap.

After the installation I can't access the URL https://mail.prod/mail/ because the browser complains about HSTS. This is an internal machine with a FQDN that isn't recognised outside the network,
so I can only use a self-signed certificate.

I tried to reconfigure nginx to use only http, and no matter what I do it always redirects to https.
I also tried to disable HSTS by editing the file /etc/nginx/templates/hsts.tmpl


error message:
"...
mail.prod has a security policy called HTTP Strict Transport Security (HSTS), which means that Firefox can only connect to it securely. You can’t add an exception to visit this site.
..."


iRedMail-0.9.9
Debian 9.6


Thanks in advance for any help

Carlos Baptista

----


2

Re: Can't connect to fresh install, HSTS error

Check /etc/nginx/sites-enabled/00-default.conf and 00-default-ssl.conf:

- we have just a few lines in 00-default.conf to redirect all traffic to https.
- to enable applications in http, you can simply copy the "include ..." directive(s) from 00-default-ssl.conf to 00-default.conf (you may need some other nginx parameters too).
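
One way to locate the directives this thread is about, as an added example that is not part of either post and not iRedMail's own code: the script scans nginx configuration text for `Strict-Transport-Security` headers and HTTP-to-HTTPS redirects and reports the file, line and parsed policy. The file contents in `SAMPLE_CONFIGS` are constructed; only the paths come from the thread, and the real files may differ.

```python
import re

# Constructed stand-ins for two files named in the thread; the real
# iRedMail file contents may differ.
SAMPLE_CONFIGS = {
    "/etc/nginx/sites-enabled/00-default.conf": """
server {
    listen 80;
    server_name _;
    return 301 https://$host$request_uri;
}
""",
    "/etc/nginx/templates/hsts.tmpl": """
# add_header X-Frame-Options sameorigin;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
""",
}

HSTS_RE = re.compile(
    r"""add_header\s+Strict-Transport-Security\s+(?:"([^"]*)"|'([^']*)'|([^\s;]+))""",
    re.I)
REDIRECT_RE = re.compile(r"\b(?:return\s+30[1278]|rewrite\s+\S+)\s+https://", re.I)

def parse_hsts(value):
    """Parse a Strict-Transport-Security value (RFC 6797 directive syntax)."""
    policy = {"max_age": None, "include_subdomains": False}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        arg = arg.strip().strip('"')
        if name.strip().lower() == "max-age" and arg.isdigit():
            policy["max_age"] = int(arg)
        elif name.strip().lower() == "includesubdomains":
            policy["include_subdomains"] = True
    return policy

def scan(configs):
    """Return (path, line number, kind, policy) for each HSTS header or HTTPS redirect."""
    findings = []
    for path, text in configs.items():
        for lineno, raw in enumerate(text.splitlines(), 1):
            line = raw.split("#", 1)[0]  # naive comment strip; ignores '#' inside quotes
            m = HSTS_RE.search(line)
            if m:
                value = next(g for g in m.groups() if g is not None)
                findings.append((path, lineno, "hsts", parse_hsts(value)))
            elif REDIRECT_RE.search(line):
                findings.append((path, lineno, "https-redirect", None))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_CONFIGS):
        print(finding)
```

The reported `max_age` matters after the server is changed: a browser that has already stored the policy keeps enforcing it for that many seconds from when it last received the header, so removing the directive does not clear the policy on clients that have it.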