Mikrotik – redirecting YouTube to a local friendly page

You can't with your current set up.

The HSTS RFC states the following:

The UA MUST replace the URI scheme with "https" [RFC2818], and

if the URI contains an explicit port component of "80", then the UA MUST convert the port component to be "443", or

if the URI contains an explicit port component that is not equal to "80", the port component value MUST be preserved; otherwise,

if the URI does not contain an explicit port component, the UA MUST NOT add one.

NOTE: These steps ensure that the HSTS Policy applies to HTTP over any TCP port of an HSTS Host.

So going to http://www.example2.com:8443 will preserve the port and redirect to https://www.example2.com:8443 but you cannot do the same from http://www.example2.com.

So you've the following choices:

1. Stop using HSTS in Apache for example2.com and only use it in IIS for example1.com

2. Use one main server to listen to port 80 and 443 and proxy requests for example.com to the other server on port 8443. This is much cleaner as doesn't require the use on non-standard ports like 8443 by the user. However, as you are using the same IP address for both you either have to use a process called Server Name Identification or SNI (which is not supported by older browsers like XP/IE8) to correctly serve the same hosts over the same IP address for HTTPS, or use the same cert for both sites as a workaround (see answer here for an explanation of how that works).

No:

I think one of the points of includeSubdomains is to ensure that it's not possible for an attacker to hijack cookies etc. by forcing end user to load a subdomain over plain http and then them. If there was even one exception to includeSubdomains then it would be useless (assuming it's possible for the attacker to figure out what the exception is).