@thetemplateblog
Forked from rnewson/haproxy.cfg
Last active August 29, 2015 14:10
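# Bind the SSL port with a cipher list that prefers forward-secret (PFS) ECDHE suites.
# The entries without an ECDHE- prefix are RSA key-exchange fallbacks without PFS,
# and the two RC4 suites are prohibited in TLS by RFC 7465.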
bind :443 ssl crt path_to_certificate no-tls-tickets ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-RC4-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES128-SHA:AES256-SHA256:AES256-SHA:RC4-SHA
# Distinguish between secure and insecure requests
acl secure dst_port eq 443
# Mark all cookies as secure if sent over SSL
rsprep ^Set-Cookie:\ (.*) Set-Cookie:\ \1;\ Secure if secure
# Add the HSTS header with a 1 year max-age
rspadd Strict-Transport-Security:\ max-age=31536000 if secure
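
An added example, not part of the original gist: a small audit that reads the `bind` line above and reports which listed suites lack forward secrecy or use RC4. It assumes explicit OpenSSL suite names for TLS 1.2 and earlier, as on this page (no keywords such as `HIGH` or `!aNULL`); the function names are hypothetical.

```python
import re

# The bind line from the config above, copied verbatim.
BIND_LINE = (
    "bind :443 ssl crt path_to_certificate no-tls-tickets ciphers "
    "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:"
    "ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:"
    "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-RC4-SHA:"
    "AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES128-SHA:"
    "AES256-SHA256:AES256-SHA:RC4-SHA"
)

# OpenSSL names for TLS 1.2 and earlier put the key exchange first; a name with
# no such prefix (e.g. AES128-SHA) uses static RSA key exchange, so no PFS.
EPHEMERAL_PREFIX = re.compile(r"^(ECDHE|DHE|EDH)-")

def ciphers_from_bind(line):
    """Return the suites listed after the `ciphers` keyword of a bind line."""
    tokens = line.split()
    if "ciphers" not in tokens[:-1]:
        return []
    return [s for s in tokens[tokens.index("ciphers") + 1].split(":") if s]

def findings(suite):
    """Flag a suite that lacks forward secrecy or uses RC4."""
    out = []
    if not EPHEMERAL_PREFIX.match(suite):
        out.append("no-pfs")
    if "RC4" in suite.split("-"):
        out.append("rc4")
    return out

def audit(line):
    """Map each flagged suite on the bind line to its findings, in list order."""
    return {s: f for s in ciphers_from_bind(line) if (f := findings(s))}

def clean_suites(line):
    """Suites with forward secrecy and no RC4, in original preference order."""
    return [s for s in ciphers_from_bind(line) if not findings(s)]

if __name__ == "__main__":
    for suite, flags in audit(BIND_LINE).items():
        print(f"{suite:28} {', '.join(flags)}")
    print("keep:", ":".join(clean_suites(BIND_LINE)))
```

Half of the fourteen suites negotiate without forward secrecy, so a client that does not offer ECDHE still connects, only without PFS.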