Diffstat (limited to 'baserock_frontend')
-rw-r--r-- | baserock_frontend/haproxy.cfg | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/baserock_frontend/haproxy.cfg b/baserock_frontend/haproxy.cfg
index e434c029..0ab58574 100644
--- a/baserock_frontend/haproxy.cfg
+++ b/baserock_frontend/haproxy.cfg
@@ -18,6 +18,8 @@ global
 # the default.
 tune.ssl.default-dh-param 2048
 
+ ssl-default-bind-ciphers EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
+
 defaults
 mode http
 timeout connect 5000ms
@@ -38,7 +40,7 @@ frontend https-in
 # This means we only need to have the certificate in one place, and the
 # configuration of the other instances is simpler. It does mean that we
 # need to avoid having any insecure machines in the cloud.
- bind *:443 ssl crt /etc/pki/tls/private/baserock.pem
+ bind *:443 ssl no-sslv3 crt /etc/pki/tls/private/baserock.pem
 reqadd X-Forwarded-Proto:\ https
 
 # Rules below here implement the URL-based forwarding to the
|
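Review bot: The new `ssl-default-bind-ciphers` line in `global` carries no comment, unlike the `tune.ssl.default-dh-param` setting just above it, so a later editor cannot tell what policy the string is meant to encode. I would put `# Forward-secret key exchange only (ECDHE/DHE), AES-GCM first; the AES256+EECDH and AES256+EDH terms also admit CBC-mode suites as a fallback for older clients.` above it. The setting applies to `bind` lines only; if any `server` line uses `ssl`, `ssl-default-server-ciphers` would need the same list, which the visible lines do not show. The `global` section starts before the hunk.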
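Review bot: `no-sslv3` is set on this single `bind` line, while the cipher list in the first hunk is set globally, so any other TLS `bind` in the file, or one added later, would still accept SSLv3. Setting the protocol floor once in `global` with `ssl-default-bind-options no-sslv3` keeps it next to the cipher list and applies it to every bind. The rest of `frontend https-in` lies outside the hunk, so whether other binds exist cannot be confirmed from here.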