So I enabled Cloudflare SSL for my website. Everything was working perfectly, but today I wanted to try something and I noticed HTTPS was downmain and sub domains force http. And I turned off Apply HSTS policy to subdomains (includeSubDomains). So what to do?
Basically I only want HTTPS forced on specific sub domains, not on every one. I use Nginx. How to do that?
Just to clarify, you turned off includeSubDomains now, but it was on previously?
Browsers that have previously visited your site while includeSubDomains was enabled will remember this setting and force HTTPS for subdomains (at least until the HSTS record expires, typically a few months). The only way to get around this is for clients to visit your main domain while includeSubDomains is disabled - this will stop your subdomains from being forced to use HTTPS (unless they also have an HSTS header that’s previously been cached).
You might also want to verify that your domain wasn’t added to the HSTS preload list, something that CloudFlare can do for you (though they show a number of warnings). That’s a list of domains baked into various browser binaries which should never be accessible via anything other than HTTPS. If your domain is on that list, you won’t be able to get around HSTS at all. There’s a removal process (see link above), but it might take a couple of months to push that as an update to all browsers.
First remove CloudFlare from the equation + verify certs are working.
CloudFlare usage tends to break SSL many times.
When I take on a new hosting client, first tech I strip out is CloudFlare (or any other CDNs) which resolves many difficult to diagnose problems.
As for performance, native Apache + libapache2-mod-php (Debian/Ubuntu) easily tunes to 5000+ reqs/second throughput for WordPress sites. For static media (if you have many large videos/audios/images), set up your own cookie-less CDN on some other host record like http://media.example.com + all will be well.
I’ve removed cloudflare + ssl. And my site has so many NET::ERR_CERT_AUTHORITY_INVALID. Maybe I didn’t understand nginx + wordpress, because I installed vpssim for my site.