GitLab

Created by: asaparov

Hello! Firstly, thanks so much for developing this! It's been really useful for me and my work.

I have a somewhat unconventional network which forces me to use an alternate port for SSL in my nginx-gitlabhq setup (port 443 is forwarded to another machine). As far as I can tell, there is no HSTS setting that allows me to specify the alternate port, and so whenever a browser tries to access my website after the first request, it will try to establish an HTTPS connection at port 443 (and thus be directed to the wrong machine).

As a workaround, I was thinking of disabling HSTS and have nginx redirect all HTTP requests to HTTPS at the alternate port. However, there doesn't seem to be a way of disabling HSTS in gitlabhq other than setting the https configuration setting to false (which seems to affect other things as well). Is there a way of disabling HSTS, or modifying its parameters (such as duration)?