Haproxy: Difference between revisions
Line 1: | Line 1: | ||
==== Most important: continuously check ssllabs ==== | ==== Most important: continuously check to ensure [https://www.ssllabs.com/ssltest ssllabs] gives A+ rating ==== | ||
It's important to get a current [https://cipherli.st/ cipher configuration] right. | It's important to get a current [https://cipherli.st/ cipher configuration] right. |
Revision as of 02:05, 9 December 2019
Most important: continuously check to ensure ssllabs gives A+ rating
It's important to get a current cipher configuration right.
Config
For a working config that gets an A+, edit the config here:
🌵 m@bitpost [~/development/scripts/gentoo/bitpost/root] emacs haproxy.cfg
After changing it, restart it:
sudo /etc/init.d/haproxy restart
2019-12-08: The config was updated to use a new config format that refuses any SSL/TLS version below TLS 1.2. It was also updated with an attempt to redirect www.* to *, but that needs updated certificates with multiple names. The certbot script was updated to add them, but it has not recreated the certs yet. Check back in February at the latest!
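
The changes described above, sketched as an added example (this is not the haproxy.cfg from this wiki). The domain example.org, the certificate path, the backend address and the cipher list are placeholders, and `ssl-min-ver` assumes HAProxy 1.8 or later.

```haproxy
# Added example, not the author's haproxy.cfg. Names and paths are placeholders.
global
    # Older style: switch off each legacy protocol one by one
    #   ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11
    # Newer style (HAProxy 1.8+): state the minimum version once
    ssl-default-bind-options ssl-min-ver TLSv1.2
    # Placeholder cipher list: take a current one from the cipher reference linked above
    ssl-default-bind-ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305

defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend fe_web
    bind :80
    # The certificate must list both example.org and www.example.org.
    # Without the www name the browser rejects the certificate before
    # it ever sees the redirect below.
    bind :443 ssl crt /etc/haproxy/certs/example.org.pem

    # Plain HTTP goes to HTTPS first
    http-request redirect scheme https code 301 unless { ssl_fc }
    # www.* to *: strip the leading "www." from the Host header
    http-request redirect prefix https://%[hdr(host),regsub(^www\.,,i)] code 301 if { hdr_beg(host) -i www. }

    # SSL Labs expects a long-lived HSTS header for the A+ grade
    http-response set-header Strict-Transport-Security "max-age=63072000"

    default_backend be_app

backend be_app
    server app1 127.0.0.1:8080 check
```

Validate the file with `haproxy -c -f haproxy.cfg` before restarting, so a syntax error does not take the proxy down.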