RepoMirrors
/
haproxy
mirror of http://git.haproxy.org/git/haproxy.git/
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

EXAMPLES: update the basic-config-edge file for 2.8 

- drop default ALPN values
- enable QUIC when the feature is built-in
This commit is contained in:
Willy Tarreau 2023-05-31 16:08:57 +02:00
parent a73563bfa7
commit 3ce3959498
1 changed files with 10 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
examples/basic-config-edge.cfg
View File

@ -62,13 +62,20 @@ frontend stats
# stats auth admin:mystats # stats auth admin:mystats
# stats admin if { src 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 127.0.0.0/8 } # stats admin if { src 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 127.0.0.0/8 }
# First incoming public service. Supports HTTP/1.x and HTTP/2, using HSTS, # First incoming public service. Supports HTTP/1.x, HTTP/2, and HTTP/3 over
# redirects clear to TLS. Uses a dedicated host name for the stats page. # QUIC when built in, uses HSTS, redirects clear to TLS. Uses a dedicated host
# name for the stats page.
frontend pub1 frontend pub1
bind :80 name clear bind :80 name clear
bind :443 name secure ssl crt pub1.pem alpn h2,http/1.1 bind :443 name secure ssl crt pub1.pem
option socket-stats # provide per-bind line stats option socket-stats # provide per-bind line stats
.if feature(QUIC)
# indicate QUIC support for 25 hours
bind quic4@:443 name quic ssl crt pub1.pem allow-0rtt
http-response add-header alt-svc 'h3=":443"; ma=90000'
.endif
# set HSTS for one year after all responses # set HSTS for one year after all responses
http-after-response set-header Strict-Transport-Security "max-age=31536000" http-after-response set-header Strict-Transport-Security "max-age=31536000"
http-request redirect scheme https code 301 if !{ ssl_fc } http-request redirect scheme https code 301 if !{ ssl_fc }