Commit 7325762d authored by Łukasz Nowak's avatar Łukasz Nowak

rapid-cdn: c->h: Implement Strict-Transport-Security

parent 48f41aa8
...@@ -38,7 +38,7 @@ md5sum = cba4d995962f7fbeae3f61c9372c4181 ...@@ -38,7 +38,7 @@ md5sum = cba4d995962f7fbeae3f61c9372c4181
[template-frontend-haproxy-configuration] [template-frontend-haproxy-configuration]
_update_hash_filename_ = templates/frontend-haproxy.cfg.in _update_hash_filename_ = templates/frontend-haproxy.cfg.in
md5sum = d5bcc1053a11ea322ce184b5014c1979 md5sum = 7c96b713bd25fdad23ff20660e625a58
[template-frontend-haproxy-crt-list] [template-frontend-haproxy-crt-list]
_update_hash_filename_ = templates/frontend-haproxy-crt-list.in _update_hash_filename_ = templates/frontend-haproxy-crt-list.in
......
...@@ -21,21 +21,6 @@ ...@@ -21,21 +21,6 @@
try_interval 250ms try_interval 250ms
{%- endmacro %} {# proxy_header #} {%- endmacro %} {# proxy_header #}
{%- macro hsts_header(tls) %}
{%- if tls %}
{%- if slave_parameter['strict-transport-security'] > 0 %}
{%- set strict_transport_security = ['max-age=%i' % (slave_parameter['strict-transport-security'],)] %}
{%- if slave_parameter['strict-transport-security-sub-domains'] %}
{%- do strict_transport_security.append('; includeSubDomains') %}
{%- endif %}
{%- if slave_parameter['strict-transport-security-preload'] %}
{%- do strict_transport_security.append('; preload') %}
{%- endif %}
header_downstream Strict-Transport-Security "{{ ''.join(strict_transport_security) }}"
{%- endif %}
{%- endif %}
{%- endmacro %} {# hsts_header #}
{%- for tls in [True, False] %} {%- for tls in [True, False] %}
{%- if tls %} {%- if tls %}
{%- set backend_url = slave_parameter.get('backend-https-url', slave_parameter['backend-http-url']) %} {%- set backend_url = slave_parameter.get('backend-https-url', slave_parameter['backend-http-url']) %}
......
...@@ -97,6 +97,18 @@ backend {{ slave_instance['slave_reference'] }}-{{ scheme }} ...@@ -97,6 +97,18 @@ backend {{ slave_instance['slave_reference'] }}-{{ scheme }}
{%- else %} {%- else %}
http-response add-header Via "%HV rapid-cdn-frontend-{{ configuration['node-id'] }}-{{ configuration['version-hash'] }}" http-response add-header Via "%HV rapid-cdn-frontend-{{ configuration['node-id'] }}-{{ configuration['version-hash'] }}"
{%- endif %} {%- endif %}
{%- if scheme == 'https' %}
{%- if slave_instance['strict-transport-security'] > 0 %}
{%- set strict_transport_security = ['max-age=%i' % (slave_instance['strict-transport-security'],)] %}
{%- if slave_instance['strict-transport-security-sub-domains'] %}
{%- do strict_transport_security.append('; includeSubDomains') %}
{%- endif %}
{%- if slave_instance['strict-transport-security-preload'] %}
{%- do strict_transport_security.append('; preload') %}
{%- endif %}
http-response set-header Strict-Transport-Security "{{ ''.join(strict_transport_security) }}"
{%- endif %}
{%- endif %}
{%- if info_dict['path'] %} {%- if info_dict['path'] %}
http-request set-path {{ info_dict['path'] }}%[path] http-request set-path {{ info_dict['path'] }}%[path]
{%- endif %} {# if info_dict['path'] #} {%- endif %} {# if info_dict['path'] #}
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment