Merge pull request #126 from Yajo/patch-1

Better defaults for HAProxy

1 files changed, 6 insertions, 2 deletions

diff --git a/ssl-config-generator/index.html b/ssl-config-generator/index.html
index 0385cd1..2df5628 100644
--- a/ssl-config-generator/index.html
+++ b/ssl-config-generator/index.html
@@ -116,11 +116,15 @@ global
     # set default parameters to the {{securityProfile}} configuration
     tune.ssl.default-dh-param {{maxDHKeySize}}
     ssl-default-bind-ciphers {{cipherSuites}}
-    ssl-default-bind-options no-tls-tickets
+    ssl-default-bind-options {{sslProtocols}} no-tls-tickets
+    ssl-default-server-ciphers {{cipherSuites}}
+    ssl-default-server-options {{sslProtocols}} no-tls-tickets
 
 frontend ft_test
     mode    http
-    bind    0.0.0.0:443 {{sslProtocols}} crt /path/to/<cert+privkey+intermediate+dhparam>
+    bind    :443 crt /path/to/<cert+privkey+intermediate+dhparam>
+    bind    :80
+    redirect scheme https code 301 if !{ ssl_fc }
 {{hsts}}
 </pre>
     </script>