I would like to propose redirecting cleartext connections to users.rust-lang.org to https. GitHub sign-in doesn't work over the clear text connection which can be confusing to folks who haven't run into the problem before. Additionally, for a user who is already logged in, navigating to users.rust-lang.org will give you the http cleartext site by default, and you will not be signed in on that site.
Is there a good reason for keeping the non https version of this site? From what I've seen, it causes problems with auth for no real benefit.
There's still no HSTS, and I keep seeming to flap between HTTP and HTTPS, which is very annoying. Do we need to do something on our side, @codinghorror?
There was no config setup to enable HTTPS on users.rust-lang, only internals. I've ticked the boxes to make this site HTTPS-all-the-way also, and there's now redirects and HSTS headers.