Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
How to turn off Server Website (SSL) in OS X Server
- Thread starter superjeng
- Start date
- Sort by reaction score
You could remove the HTTP to HTTPS redirect on the Server Website to use the non HTTPS (HTTP) site.
Then just don't forward HTTPS from the Internet on the router to your server?
Then just don't forward HTTPS from the Internet on the router to your server?
Hello,
Thanks for this answer, I the same problem here. Could you tell us how to not redirect from http to https? I do not find anything on mac server app, I am pretty much ready to hack the apache server by hand if necessary... I just do not want this secured website and there is no way to remove the 443 port access from the GUI of mac server.
Thanks,
A.
You use Let's Encrypt for a free SSL certificate, and get to keep having people visit your website.
[doublepost=1500537610][/doublepost]
This is dumb advice. If you remove HTTPS, then google chrome and safari are both going to complain about your website being dangerous to visit to anyone who navigates to your website, and then it will advise your visitors to navigate away.
Inside Server.app go to Websites , open "Default Website", under "Redirects" click "Edit" and remove the redirect rule to HTTPS.
[doublepost=1500557814][/doublepost]
1. Lots of websites don't use SSL, even very large corporations. (I've just visited http://www.bbc.co.uk and didn't get any security warnings from Safari or Chrome)
2. The OP asked how to host on HTTP rather HTTPS not where to get free SSL Certificates.
Using HTTPS whenever possible is indeed a good idea. However, browsers do not warn when accessing a plain HTTP site unless the user tries to enter data on that page.
There is no whitelist of "well known websites" that don't use HTTPS. HTTP is still perfectly acceptable to any browser.
As chrfr stated HTTP is perfectly acceptable for websites. A majority of sites still use HTTP rather than HTTPS.
Your opinion may be that publishing on HTTP is bad advice but other people don't agree.
Again the OP wanted HTTP not HTTPS.
For how many more weeks ?
If you want to be accessed by anyone in future, you will need HTTPS to be trusted.
[doublepost=1501268850][/doublepost]
It is not my opinion, it is the advice of the main browser companies.
But hey, if you don't want visitors who use chrome, or safari to visit your website, continue using HTTP.
But don't kid yourself that you are correct about what the future of the browsers will require.
Weeks? You're spewing misinformation. Globally requiring HTTPS is not something that will happen without plenty of advance notice.
Both Chrome and Safari allow you to visit HTTP sites without displaying warnings.
The advance notice has been out there for almost a year by now: https://security.googleblog.com/2016/09/moving-towards-more-secure-web.html
Not switching to HTTPS when setting up services today is a bad thing - especially as you can get valid and automatically renewing certificates at literally no cost at all through the Let's Encrypt initiative.
While nothing will break - yet - for static HTTP-only sites with no forms, the writing is on the wall for plain HTTP. Naturally you're right in that it's not a matter of a few weeks from the original statement of intent, but I don't think there's any way around that we're heading toward a situation where HTTP-only sites will at least look scary to casual users, or possibly even become unusable with modern browsers.