Haproxy: Difference between revisions
No edit summary |
No edit summary |
||
Line 1: | Line 1: | ||
==== Most important: check to ensure [https://www.ssllabs.com/ssltest ssllabs] | ==== Most important: continuously check to ensure [https://www.ssllabs.com/ssltest ssllabs] gives A+ rating ==== | ||
It's important to get a current [https://cipherli.st/ cipher configuration] right. | It's important to get a current [https://cipherli.st/ cipher configuration] right. |
Revision as of 02:03, 9 December 2019
Most important: continuously check to ensure ssllabs gives A+ rating
It's important to get a current cipher configuration right.
Config
For working code to get an A+, work on the config, here:
🌵 m@bitpost [~/development/scripts/gentoo/bitpost/root] emacs haproxy.cfg
After changing it, restart it:
sudo /etc/init.d/haproxy restart
2019-12-08 It was updated to use a new config format to prevent ssl less than TLS1.2. It was also updated with an attempt to redirect www.* to *, but we need updated certificates with multiple names. certbot script was updated to add them, but it has not recreated certs yet. Check back in February at the latest!