systems/infrastructure
1
Fork 0
Code Issues 1 Pull Requests 14 Actions Activity

Remove SSL block from haproxy config

Browse Source
This commit is contained in:
Jake Howard 2020-01-26 18:15:19 +00:00
parent 03b3bd5ddb
commit ac5a9aa0f0
Signed by: jake
GPG Key ID: 57AFB45680EDD477
1 changed files with 3 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
ansible/roles/gateway/files/haproxy.cfg
View File

@ -9,26 +9,14 @@ global
daemon daemon
maxconn 10000 maxconn 10000
# Default SSL material locations
ca-base /etc/ssl/certs
crt-base /etc/ssl/private
# Default ciphers to use on SSL-enabled listening sockets.
# For more information, see ciphers(1SSL). This list is from:
# https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
# An alternative list with additional directives can be obtained from
# https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=haproxy
ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
ssl-default-bind-options no-sslv3
defaults defaults
log global log global
mode http mode http
option httplog option httplog
option dontlognull option dontlognull
timeout connect 10000 timeout connect 10000
timeout client 50000 timeout client 50000
timeout server 50000 timeout server 50000
errorfile 400 /etc/haproxy/errors/400.http errorfile 400 /etc/haproxy/errors/400.http
errorfile 403 /etc/haproxy/errors/403.http errorfile 403 /etc/haproxy/errors/403.http
errorfile 408 /etc/haproxy/errors/408.http errorfile 408 /etc/haproxy/errors/408.http