Ask HN: We're thinking to drop HTTP support, Thoughts?
We're planning to completely remove HTTP support across all our sites, endpoints, APIs. Meaning: Stop serving at 80 port. By doing so we'll be able to remove servers, nginx, loadbalancers, etcs that manage http traffic.This will save us a few bucks, reduce complecity and improve security.
Currently we're already forward(301) all http requests to https. Most of them bots, garbage.
Thoughts? Can we expect any problems? SEO? Browsers to refuse to connect? Or any unexpected problems?
8 comments
[ 0.27 ms ] story [ 29.7 ms ] thread[1] - https://hstspreload.org/
My question is: If we completely cease http, can we expect https run flawlessly?
If you have any inbound links to http content, you really should endeavor to make those continue to work forever.
All that said, when I ran a high volume website, I got hsts preloaded, and served favicon with hsts headers, but generally didn't redirect content pages to https. If the user had a browser supporting hsts, they would be on https, otherwise maybe they want to see the content, but their browser can't manage modern https. The page was public information only though, if you have private information, you may reasonably prefer to have server acceptable TLS or nothing.