
{{! HAProxy partial: renders a global TLS section and a sample frontend from the generator's form and output objects. }}
# {{output.header}}
{{! Triple-stash writes a value without HTML escaping, so output.link and the joined cipher lists land verbatim in the generated text. }}
{{! NOTE(review): presumably these values are built by the generator itself rather than copied from raw user input - confirm. }}
# {{{output.link}}}
{{! Everything below is gated on HAProxy 1.5.0 or newer, since only those versions support TLS; older versions fall through to the else branch at the bottom. }}
{{#if (minver "1.5.0" form.serverVersion)}}
global
    # {{form.config}} configuration
{{! Defaults for bind lines. The cipher directive is skipped when output.ciphers is empty. }}
{{#if output.ciphers.length}}
    ssl-default-bind-ciphers {{{join output.ciphers ":"}}}
{{/if}}
{{! The ciphersuites directive is rendered only for HAProxy 1.9.0 or newer combined with OpenSSL 1.1.1 or newer. }}
{{! NOTE(review): unlike the ciphers directive above there is no length guard on output.cipherSuites - confirm it is never empty when both version checks pass, otherwise the directive is rendered without a value. }}
{{#if (minver "1.9.0" form.serverVersion)}}
    {{#if (minver "1.1.1" form.opensslVersion)}}
    ssl-default-bind-ciphersuites {{{join output.cipherSuites ":"}}}
    {{/if}}
{{/if}}
{{! A no-sslv3, no-tlsv10, no-tlsv11 or no-tlsv12 flag is added for each protocol missing from output.protocols; no-tls-tickets is always added. }}
{{! NOTE(review): there is no matching branch for TLSv1.3, so this line never switches it off whatever output.protocols contains - confirm that is intended. }}
    ssl-default-bind-options{{#unless (includes "SSLv3" output.protocols)}} no-sslv3{{/unless}}{{#unless (includes "TLSv1" output.protocols)}} no-tlsv10{{/unless}}{{#unless (includes "TLSv1.1" output.protocols)}} no-tlsv11{{/unless}}{{#unless (includes "TLSv1.2" output.protocols)}} no-tlsv12{{/unless}} no-tls-tickets

{{! Defaults for server lines: the same cipher, ciphersuite and protocol logic as the bind defaults, repeated with the ssl-default-server directives. }}
{{#if output.ciphers.length}}
    ssl-default-server-ciphers {{{join output.ciphers ":"}}}
{{/if}}
{{#if (minver "1.9.0" form.serverVersion)}}
    {{#if (minver "1.1.1" form.opensslVersion)}}
    ssl-default-server-ciphersuites {{{join output.cipherSuites ":"}}}
    {{/if}}
{{/if}}
    ssl-default-server-options{{#unless (includes "SSLv3" output.protocols)}} no-sslv3{{/unless}}{{#unless (includes "TLSv1" output.protocols)}} no-tlsv10{{/unless}}{{#unless (includes "TLSv1.1" output.protocols)}} no-tlsv11{{/unless}}{{#unless (includes "TLSv1.2" output.protocols)}} no-tlsv12{{/unless}} no-tls-tickets
{{! DH parameter settings are rendered only when output.usesDhe is set. }}
{{#if output.usesDhe}}

    {{! From 1.6.0 the parameters are loaded from a file, and output.dhCommand redirected to the placeholder path is rendered as a config comment for the operator to run. }}
    {{! Older versions get tune.ssl.default-dh-param 2048 instead. }}
    {{#if (minver "1.6.0" form.serverVersion)}}
    # {{output.dhCommand}} > /path/to/dhparam
    ssl-dh-param-file /path/to/dhparam
    {{else}}
    tune.ssl.default-dh-param 2048
    {{/if}}
{{/if}}

{{! Sample frontend. The crt path is a placeholder the operator must replace; the alpn option for h2 and http/1.1 is added from 1.8.0. }}
frontend ft_test
    mode    http
    bind    :443 ssl crt /path/to/<cert+privkey+intermediate>{{#if (minver "1.8.0" form.serverVersion)}} alpn h2,http/1.1{{/if}}
    bind    :80
{{! The redirect to HTTPS and the HSTS header are both tied to form.hsts. }}
{{! With HSTS off the frontend still binds port 80 and no redirect is rendered, so plain-HTTP requests are not upgraded. }}
{{! The header carries max-age only, taken from output.hstsMaxAge. }}
{{#if form.hsts}}
    redirect scheme https code 301 if !{ ssl_fc }

    # HSTS ({{output.hstsMaxAge}} seconds)
    http-response set-header Strict-Transport-Security max-age={{output.hstsMaxAge}}
{{/if}}
{{else}}
{{! Fallback for versions older than 1.5.0: only the two header comment lines and the sentence below are rendered. }}
Sorry, TLS is not supported in this version of HAProxy.
{{/if}}