diff options
| author | Yajo <Yajo@users.noreply.github.com> | 2016-03-02 13:46:43 +0100 |
|---|---|---|
| committer | Yajo <Yajo@users.noreply.github.com> | 2016-03-02 13:46:43 +0100 |
| commit | 332cb015935b08cf386002dbeadfda4133c99836 (patch) | |
| tree | f606ef2145f9840383f59394e3ef12946f91b305 | |
| parent | 1a41a79ca2d93bb5b86cb834cd1cc05a169221ed (diff) | |
| download | server-side-tls-332cb015935b08cf386002dbeadfda4133c99836.zip server-side-tls-332cb015935b08cf386002dbeadfda4133c99836.tar.gz server-side-tls-332cb015935b08cf386002dbeadfda4133c99836.tar.bz2 | |
Better defaults for HAProxy
Redirects with 301 HTTP to HTTPS and adds cipher and options by default to all SSL binds and servers.
| -rw-r--r-- | ssl-config-generator/index.html | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/ssl-config-generator/index.html b/ssl-config-generator/index.html index 0385cd1..2df5628 100644 --- a/ssl-config-generator/index.html +++ b/ssl-config-generator/index.html @@ -116,11 +116,15 @@ global # set default parameters to the {{securityProfile}} configuration tune.ssl.default-dh-param {{maxDHKeySize}} ssl-default-bind-ciphers {{cipherSuites}} - ssl-default-bind-options no-tls-tickets + ssl-default-bind-options {{sslProtocols}} no-tls-tickets + ssl-default-server-ciphers {{cipherSuites}} + ssl-default-server-options {{sslProtocols}} no-tls-tickets frontend ft_test mode http - bind 0.0.0.0:443 {{sslProtocols}} crt /path/to/<cert+privkey+intermediate+dhparam> + bind :443 crt /path/to/<cert+privkey+intermediate+dhparam> + bind :80 + redirect scheme https code 301 if !{ ssl_fc } {{hsts}} </pre> </script> |