Roots Discourse

HSTS Preload Submission - Error: HTTP redirects to www first

I get an error when I try to submit my site to hstspreload.org, as the site redirects directly from http://mydomain.com to https://www.mydomain.com instead of http://mydomain.com to https://mydomain.com and then finally to https://www.mydomain.com.

Does anybody know how to change the setup so this issue is resolved?

Are you using roots.io Trellis? I guess you are already using roots.io Bedrock and roots.io Sage.

Yes, I’m on Trellis, Bedrock and Sage. Latest versions except Sage, which is version 9. From the wordpress-site.conf.j2 file it looks like this is indeed redirecting from http://mysite.com directly to https://www.mysite.com when I have set up my wordpress_sites.yml like this:

However, I am not sure how to change this configuration in order to make this redirect to https before redirecting to www. Also, this is probably a general issue when having HSTS preload enabled and using a subdomain like www as the canonical domain.

Using your configuration above Trellis/ansible generates nginx configuration.
You can check the resulting nginx configuration on the actual server after the playbook has been applied.
There are nginx blocks for redirecting from non-www to www and also one for redirecting from non-https to https. You have to ensure that the block for redirecting from non-https to https takes precedence over the other blocks for that site. For making this permanent you will have to adjust your Trellis project and change the nginx template.

This seems to improve security - on the other hand it also seems to add a performance penalty as now two redirects are required in the worst case: One from non-https to https, then one from non-www to www (for example).
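
The redirect order discussed in this thread, as an added nginx sketch that is not part of any post and not Trellis's own template. `example.com` and the certificate paths are placeholders; the HSTS header value is an assumption chosen to satisfy the hstspreload.org submission checks.

```nginx
# Rejected by hstspreload.org: port 80 jumps straight to the www host over HTTPS.
#   server { listen 80; server_name example.com;
#            return 301 https://www.example.com$request_uri; }

# Hop 1: HTTP -> HTTPS on the SAME host. Literal hostnames are used instead of
# $host so the redirect target can never be taken from a client-supplied header.
server {
    listen 80;
    listen [::]:80;
    server_name example.com;
    return 301 https://example.com$request_uri;
}
server {
    listen 80;
    listen [::]:80;
    server_name www.example.com;
    return 301 https://www.example.com$request_uri;
}

# Hop 2: HTTPS apex -> HTTPS www. The apex must itself send the HSTS header,
# including on this redirect response, because the preload entry is for the apex.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name example.com;
    ssl_certificate     /path/to/fullchain.pem;   # placeholder
    ssl_certificate_key /path/to/privkey.pem;     # placeholder
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
    return 301 https://www.example.com$request_uri;
}

# Canonical site. Any add_header inside a nested location block replaces the
# inherited ones, so the HSTS header has to be repeated there.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name www.example.com;
    ssl_certificate     /path/to/fullchain.pem;   # placeholder
    ssl_certificate_key /path/to/privkey.pem;     # placeholder
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
    root /path/to/site/web;                       # placeholder
}
```

After reloading nginx, `curl -sI http://example.com/` should show a `Location` of `https://example.com/`, and `curl -sI https://example.com/` should show both the `Strict-Transport-Security` header and the redirect to the www host.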