Haproxy: Difference between revisions
No edit summary |
No edit summary |
||
| Line 6: | Line 6: | ||
For working code to get an A+, see bitpost.com:/etc/haproxy/haproxy.cfg | For working code to get an A+, see bitpost.com:/etc/haproxy/haproxy.cfg | ||
==== Config ==== | |||
Config is here: | |||
🌵 m@bitpost [~/development/scripts/gentoo/bitpost/root] emacs haproxy.cfg | |||
After changing it, restart it: | |||
sudo /etc/init.d/haproxy restart | |||
2019-12-08 It was updated to use a new config format to prevent ssl less than TLS1.2. It was also updated with an attempt to redirect www.* to *, but we need updated certificates with multiple names. certbot script was updated to add them, but it has not recreated certs yet. Check back in February at the latest! | |||
Revision as of 01:58, 9 December 2019
Cipher configuration for ssl labs A rating
For working code to get an A+, see bitpost.com:/etc/haproxy/haproxy.cfg
Config
Config is here:
🌵 m@bitpost [~/development/scripts/gentoo/bitpost/root] emacs haproxy.cfg
After changing it, restart it:
sudo /etc/init.d/haproxy restart
2019-12-08 It was updated to use a new config format to prevent ssl less than TLS1.2. It was also updated with an attempt to redirect www.* to *, but we need updated certificates with multiple names. certbot script was updated to add them, but it has not recreated certs yet. Check back in February at the latest!