TL;DR
To resolve the issue, look for directives similar to this:
1listen 80 http2;Remove the http2.
A website would sometimes download a binary file instead of displaying a web page, I decided to investigate. I thought of two likely causes:
- A misconfiguration related to DNS
- A misconfiguration not related to DNS (rare, but I've seen it happen)
Jokes aside, a DNS problem seemed unlikely here, so I read through the NGINX configuration.
1server {2 listen 80 http2;3 return 404;4}A bit funny given that there is absolutely no reason to use HTTP-2 here. Regardless, browsers do not support HTTP/2 over TCP (h2c) so strange things were happening server-side, leading to NGINX answering with an HTTP/0.9 response, the browser treating the server response as binary and thus, trigering a "save this file" prompt. That's the explanation, but one question remains: Why did this happen inconsistently?
See, browsers are smart. If a site automatically redirects you to its HTTPS version, the browser will remember this and automatically load the HTTPS version for you the next time you visit. This means that most of the time, for previous users, the browser would just load up the HTTPS version and everything would work well. Others were left confused.
There are also HSTS preload lists, which browsers use to directly connect to a host securely01. However, this website was not on any of the preload lists.