This morning I bought the domain orng.social to host our mastodon instance, Mastodon works just fine inside a docker container and all the web duties are done by my trusty nginx.
I have set up hundreds of redirects in nginx to redirect a site from http to https. Here, I’m unable to do that. My redirect fails, Cloudflare’s Use https page rule fails, Cloudflare’s redirect to https://orng.social also fails.
What I get instead is a 57 byte stream (I have no clue where it is coming from as it’s definitely not my server pushing that)
Now, if anyone visits the site by just entering orng.social in their browser, they’re offered a file download, If someone explicitly enters http://orng.social they are again offered a file download.
if someone enters https://orng.social, our HSTS comes in play and forces the domain to redirect to https everytime so you will have to use incognito to do it again and the same story repeats.
Does anyone have any explanation about what may be happening? in the meanwhile I’ve contacted my data center and domain registrar to seek an answer from their side as well.