I have set HSTS for my domain on the site http://server.mydom.tld:80, so the browser goes to https://server.mydom.tld on port 443.
However, I also have other webservers, running on other ports.
So when I go to http://server.mydom.tld:8888 it gets forwarded to https://server.mydom.tld:8888, but that server does not run HTTPS, so the request fails.
Is that according to spec?
I noticed I don't run HSTS on http://mydom.tld or http://www.mydom.tld, which is probably a mistake.
What to do?
Best Answer
Yes, this is intentional. RFC 6797 states:
You should run plain HTTP services on a different domain, or even better, use an HTTP+TLS server as a reverse proxy to the internal plain HTTP service.
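
The behaviour discussed above, sketched as an added example (not part of the original answer and not any browser's code): under RFC 6797 a known HSTS host has its scheme switched to https, only an explicit port 80 is mapped to 443, and any other explicit port such as 8888 is preserved. The store layout and the function names `noteHeader`, `isKnownHstsHost` and `hstsUpgrade` are assumptions made for this sketch.

```javascript
// Added illustration of RFC 6797 handling; store layout and names are assumptions.

// Record a Strict-Transport-Security header. Headers seen over plain HTTP are ignored.
function noteHeader(responseUrl, headerValue, store, now = Date.now()) {
  const u = new URL(responseUrl);
  if (u.protocol !== "https:") return false;
  const directives = new Map();
  for (const part of headerValue.split(";")) {
    const [name, value = ""] = part.trim().split("=");
    if (name) directives.set(name.trim().toLowerCase(), value.trim().replace(/^"|"$/g, ""));
  }
  if (!/^\d+$/.test(directives.get("max-age") ?? "")) return false;
  const maxAge = Number(directives.get("max-age"));
  if (maxAge === 0) { store.delete(u.hostname); return true; } // max-age=0 removes the policy
  store.set(u.hostname, {
    expires: now + maxAge * 1000,
    includeSubDomains: directives.has("includesubdomains"),
  });
  return true;
}

// Exact host match, or a parent domain whose policy carries includeSubDomains.
function isKnownHstsHost(hostname, store, now = Date.now()) {
  const labels = hostname.toLowerCase().split(".");
  for (let i = 0; i < labels.length; i++) {
    const policy = store.get(labels.slice(i).join("."));
    if (policy && policy.expires > now && (i === 0 || policy.includeSubDomains)) return true;
  }
  return false;
}

// Rewrite an http:// URL before any request is sent.
function hstsUpgrade(rawUrl, store, now = Date.now()) {
  const u = new URL(rawUrl);
  if (u.protocol !== "http:" || !isKnownHstsHost(u.hostname, store, now)) return u.href;
  // URL parsing already dropped an explicit :80, so it becomes the https default (443).
  // Any other explicit port stays exactly as it was.
  u.protocol = "https:";
  return u.href;
}

// Constructed sample: policy for server.mydom.tld only, without includeSubDomains.
function demo() {
  const store = new Map();
  noteHeader("http://server.mydom.tld/", "max-age=31536000", store);  // ignored: not HTTPS
  noteHeader("https://server.mydom.tld/", "max-age=31536000", store); // stored
  const urls = ["http://server.mydom.tld:80/", "http://server.mydom.tld:8888/status", "http://www.mydom.tld/"];
  return urls.map((url) => hstsUpgrade(url, store));
}
```

The policy is keyed by host name, not by host and port, which is why every plain-HTTP service on the same name is affected once the policy is stored.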