Hello Bartek I assumed it was haproxy related and as such my example will work. However I hope the link below helps you get going with NGINX
https://www.nginx.com/blog/http-strict-transport-security-hsts-and-nginx/ Regards Andrew Smalley Loadbalancer.org Ltd. On 26 February 2017 at 16:47, Bartek Radziszewski <b...@radziszewski.com> wrote: > Hi Andrew, > ‘ > Thanks for your answer. Unfortunately your example is not solving my issue. > > I need to add header Strict-Transport-Security into 301 redirect - i made > it already on nginx: > > curl -I https://www.xxx.com > HTTP/1.1 301 Moved Permanently > Server: nginx > Date: Sun, 26 Feb 2017 16:10:59 GMT > Content-Type: text/html > Content-Length: 178 > Connection: keep-alive > Location: https://xxx.com/ > Strict-Transport-Security: max-age=31556926; includeSubDomains > > but don’t know how to do it on haproxy. > > Thanks, > Bartek > > On 26 Feb 2017, at 17:39, Andrew Smalley <asmal...@loadbalancer.org> > wrote: > > Hello Bartek > > I hope the example below helps with adding a http-response for HSTS / > Strict-Transport-Security > > > listen hsts_example > bind 192.168.0.231:80 transparent > mode http > http-response set-header Strict-Transport-Security "max-age=15552000; > includeSubDomains; preload;" > balance leastconn > option forwardfor if-none > stick on hdr(X-Forwarded-For,-1) > stick on src > stick-table type string len 64 size 10240k expire 30m peers > loadbalancer_replication > server backup 127.0.0.1:9081 backup source 0.0.0.0 non-stick > source 0.0.0.0 usesrc clientip > option http-keep-alive > option redispatch > option abortonclose > maxconn 40000 > acl force src 192.168.0.250 54.77.60.1 > reqadd X-Forwarded-Proto:\ https if force > redirect scheme https code 301 if !force > server RIP_Name 10.0.1.1 weight 100 check port 80 inter 4000 rise 2 > fall 2 minconn 0 maxconn 0 on-marked-down shutdown-sessions > > > Regards > > Andrew Smalley > > Loadbalancer.org Ltd. > > > > On 26 February 2017 at 16:18, Bartek Radziszewski <b...@radziszewski.com> > wrote: > >> Hi, >> >> It’s possible to add Strict-Transport-Security header into 301 redirect >> (http-request redirect code 301) ? >> >> Thanks, >> Bartek >> > > >