From ac5a9aa0f03e6020e287f164a3bf5e5045c562c5 Mon Sep 17 00:00:00 2001
From: Jake Howard
Date: Sun, 26 Jan 2020 18:15:19 +0000
Subject: [PATCH] Remove SSL block from haproxy config

---
 ansible/roles/gateway/files/haproxy.cfg | 18 +++---------------
 1 file changed, 3 insertions(+), 15 deletions(-)

diff --git a/ansible/roles/gateway/files/haproxy.cfg b/ansible/roles/gateway/files/haproxy.cfg
index 28c586d..4f2f8ec 100644
--- a/ansible/roles/gateway/files/haproxy.cfg
+++ b/ansible/roles/gateway/files/haproxy.cfg
@@ -9,26 +9,14 @@ global
 daemon
 maxconn 10000
 
- # Default SSL material locations
- ca-base /etc/ssl/certs
- crt-base /etc/ssl/private
-
- # Default ciphers to use on SSL-enabled listening sockets.
- # For more information, see ciphers(1SSL). This list is from:
- # https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
- # An alternative list with additional directives can be obtained from
- # https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=haproxy
- ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
- ssl-default-bind-options no-sslv3
-
 defaults
 log global
 mode http
 option httplog
 option dontlognull
- timeout connect 10000
- timeout client 50000
- timeout server 50000
+ timeout connect 10000
+ timeout client 50000
+ timeout server 50000
 errorfile 400 /etc/haproxy/errors/400.http
 errorfile 403 /etc/haproxy/errors/403.http
 errorfile 408 /etc/haproxy/errors/408.http
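Review bot: With `ssl-default-bind-ciphers` and `ssl-default-bind-options no-sslv3` dropped from `global`, any `bind ... ssl` line still present in this file would fall back to whatever protocol and cipher defaults the installed HAProxy/OpenSSL build ships. A relative `crt` or `ca-file` path would also stop resolving through `crt-base`/`ca-base`. The frontend and listen sections are outside this hunk, so this cannot be confirmed from here; presumably TLS is no longer terminated on this proxy. If that is the case, record it in `global` with a comment such as `# TLS is not terminated here; restore ssl-default-bind-* before adding any "bind ... ssl"`, so that a later change does not enable TLS without the hardening. If an `ssl` bind does remain, keep the two `ssl-default-bind-*` lines rather than removing them.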