Sorry, forgot to include the list. Please share your config so I can see what you are doing?
Regards Andrew Smalley Loadbalancer.org Ltd. On 26 February 2017 at 17:32, Bartek Radziszewski <[email protected]> wrote: > Andrew, > > Thanks for your answer. Just tested one more time your example and > unfortunately there is missing Strict-Transport-Security header during 301 > redirect: > > curl -I https://xxx.com/dupa > HTTP/1.1 301 Moved Permanently > Content-length: 0 > Location: https://www.xxx.com/dupa > Connection: close > > Bartek > > > On 26 Feb 2017, at 18:12, Andrew Smalley <[email protected]> > wrote: > > Hello Bartek > > I think the portion of my example you wanted is below > > In my example I have a redirect from http to https and as such there is a > acl force src if my local ip address > > Here I add the HSTS and then redirect 301 as you wanted. > > http-response set-header Strict-Transport-Security "max-age=15552000; > includeSubDomains; preload;" > acl force src 127.0.0.1 # ip of haproxy > reqadd X-Forwarded-Proto:\ https if force > redirect scheme https code 301 if !force > > > Regards > > Andrew Smalley > > Loadbalancer.org Ltd. > > > > On 26 February 2017 at 17:07, Bartek Radziszewski <[email protected]> > wrote: > >> it's haproxy related. >> How to add header info 301 redirect? >> >> On 26 Feb 2017, at 17:54, Andrew Smalley <[email protected]> >> wrote: >> >> Hello Bartek >> >> I assumed it was haproxy related and as such my example will work. >> However I hope the link below helps you get going with NGINX >> >> https://www.nginx.com/blog/http-strict-transport-security-hsts-and-nginx/ >> >> Regards >> >> Andrew Smalley >> >> Loadbalancer.org <http://loadbalancer.org/> Ltd. >> >> >> >> On 26 February 2017 at 16:47, Bartek Radziszewski <[email protected]> >> wrote: >> >>> Hi Andrew, >>> ‘ >>> Thanks for your answer. Unfortunately your example is not solving my >>> issue. >>> >>> I need to add header Strict-Transport-Security into 301 redirect - i >>> made it already on nginx: >>> >>> curl -I https://www.xxx.com >>> HTTP/1.1 301 Moved Permanently >>> Server: nginx >>> Date: Sun, 26 Feb 2017 16:10:59 GMT >>> Content-Type: text/html >>> Content-Length: 178 >>> Connection: keep-alive >>> Location: https://xxx.com/ >>> Strict-Transport-Security: max-age=31556926; includeSubDomains >>> >>> but don’t know how to do it on haproxy. >>> >>> Thanks, >>> Bartek >>> >>> On 26 Feb 2017, at 17:39, Andrew Smalley <[email protected]> >>> wrote: >>> >>> Hello Bartek >>> >>> I hope the example below helps with adding a http-response for HSTS / >>> Strict-Transport-Security >>> >>> >>> listen hsts_example >>> bind 192.168.0.231:80 transparent >>> mode http >>> http-response set-header Strict-Transport-Security "max-age=15552000; >>> includeSubDomains; preload;" >>> balance leastconn >>> option forwardfor if-none >>> stick on hdr(X-Forwarded-For,-1) >>> stick on src >>> stick-table type string len 64 size 10240k expire 30m peers >>> loadbalancer_replication >>> server backup 127.0.0.1:9081 backup source 0.0.0.0 non-stick >>> source 0.0.0.0 usesrc clientip >>> option http-keep-alive >>> option redispatch >>> option abortonclose >>> maxconn 40000 >>> acl force src 192.168.0.250 54.77.60.1 >>> reqadd X-Forwarded-Proto:\ https if force >>> redirect scheme https code 301 if !force >>> server RIP_Name 10.0.1.1 weight 100 check port 80 inter 4000 rise 2 >>> fall 2 minconn 0 maxconn 0 on-marked-down shutdown-sessions >>> >>> >>> Regards >>> >>> Andrew Smalley >>> >>> Loadbalancer.org <http://loadbalancer.org/> Ltd. >>> >>> >>> >>> On 26 February 2017 at 16:18, Bartek Radziszewski <[email protected]> >>> wrote: >>> >>>> Hi, >>>> >>>> It’s possible to add Strict-Transport-Security header into 301 redirect >>>> (http-request redirect code 301) ? >>>> >>>> Thanks, >>>> Bartek >>>> >>> >>> >>> >> > >
