Thank you Ameh Emeke Jnr!

Trying to work behind the reverse proxy means using the /etc/hosts file to short-circuit DNS to get to the correct domain on the correct IP address before updating the reverse proxy server.

But all my sites have lived on SSL/TLS for years, and all used 301 redirects to teach browsers to never ask the non-encrypted schema, only the encrypted one. The servers behind the reverse proxy do not have the certificates, so the browser refuses to connect with them.

And here is where my current hero Ameh Emeke Jnr saves my sanity (and hair; I have a very faint BoJo habit of pulling it out when frustrated.)

Over on StackOverflow Ameh answered a question about browser caching of 301s with a work-around:

Confirmed!! make the user submit a post request to the affected url and the cached redirect is forgotten.

A quick win would be to enter this in the browser console if you can:

fetch('example.com/affected/link', {method: 'post'}).then(() => {})

Useful if you know the affected browser (especially during development).

Alternatively, if you have access to the previous 301 redirect page, then you can add this script to the page and anytime it is visited, the cached 301 will be forgotten.

— answered Dec 26 ’18 at 23:43

Ajeh Emeke Jnr

Brilliant. It worked. Life is now better. Let me sweep up some of this hair.