Hello Bartek I think the portion of my example you wanted is below
In my example I have a redirect from http to https and as such there is a acl force src if my local ip address Here I add the HSTS and then redirect 301 as you wanted. http-response set-header Strict-Transport-Security "max-age=15552000; includeSubDomains; preload;" acl force src 127.0.0.1 # ip of haproxy reqadd X-Forwarded-Proto:\ https if force redirect scheme https code 301 if !force Regards Andrew Smalley Loadbalancer.org Ltd. On 26 February 2017 at 17:07, Bartek Radziszewski <[email protected]> wrote: > it's haproxy related. > How to add header info 301 redirect? > > On 26 Feb 2017, at 17:54, Andrew Smalley <[email protected]> > wrote: > > Hello Bartek > > I assumed it was haproxy related and as such my example will work. However > I hope the link below helps you get going with NGINX > > https://www.nginx.com/blog/http-strict-transport-security-hsts-and-nginx/ > > Regards > > Andrew Smalley > > Loadbalancer.org Ltd. > > > > On 26 February 2017 at 16:47, Bartek Radziszewski <[email protected]> > wrote: > >> Hi Andrew, >> ‘ >> Thanks for your answer. Unfortunately your example is not solving my >> issue. >> >> I need to add header Strict-Transport-Security into 301 redirect - i >> made it already on nginx: >> >> curl -I https://www.xxx.com >> HTTP/1.1 301 Moved Permanently >> Server: nginx >> Date: Sun, 26 Feb 2017 16:10:59 GMT >> Content-Type: text/html >> Content-Length: 178 >> Connection: keep-alive >> Location: https://xxx.com/ >> Strict-Transport-Security: max-age=31556926; includeSubDomains >> >> but don’t know how to do it on haproxy. >> >> Thanks, >> Bartek >> >> On 26 Feb 2017, at 17:39, Andrew Smalley <[email protected]> >> wrote: >> >> Hello Bartek >> >> I hope the example below helps with adding a http-response for HSTS / >> Strict-Transport-Security >> >> >> listen hsts_example >> bind 192.168.0.231:80 transparent >> mode http >> http-response set-header Strict-Transport-Security "max-age=15552000; >> includeSubDomains; preload;" >> balance leastconn >> option forwardfor if-none >> stick on hdr(X-Forwarded-For,-1) >> stick on src >> stick-table type string len 64 size 10240k expire 30m peers >> loadbalancer_replication >> server backup 127.0.0.1:9081 backup source 0.0.0.0 non-stick >> source 0.0.0.0 usesrc clientip >> option http-keep-alive >> option redispatch >> option abortonclose >> maxconn 40000 >> acl force src 192.168.0.250 54.77.60.1 >> reqadd X-Forwarded-Proto:\ https if force >> redirect scheme https code 301 if !force >> server RIP_Name 10.0.1.1 weight 100 check port 80 inter 4000 rise 2 >> fall 2 minconn 0 maxconn 0 on-marked-down shutdown-sessions >> >> >> Regards >> >> Andrew Smalley >> >> Loadbalancer.org Ltd. >> >> >> >> On 26 February 2017 at 16:18, Bartek Radziszewski <[email protected]> >> wrote: >> >>> Hi, >>> >>> It’s possible to add Strict-Transport-Security header into 301 redirect >>> (http-request redirect code 301) ? >>> >>> Thanks, >>> Bartek >>> >> >> >> >
