Hi Lukas, On 27 Feb 2017 5:53 am, "Lukas Tribus" <[email protected]> wrote:
Hi, Am 26.02.2017 um 19:02 schrieb [email protected]: > Hi, > > If I understand, the 301 is produced by haproxy. If it is the case, > there are an ugly soluce. > > Haproxy can't add header to a redirect because redirect is a final > directive. After executing the redirect no more action are executed. > > The trick is to create a listen proxy dedicated for redirect, and > modify the response of these proxy from the main proxy. If a dedicated > proxy produces the response, the main proxy considers this as forwarded > traffic and can add headers. > Also see: http://blog.haproxy.com/2015/06/09/haproxy-and-http-strict-t ransport-security-hsts-header-in-http-redirects/ Lukas Maybe I'm stupid but in the example from the link you sent: frontend fe_myapp bind :443 ssl crt /path/to/my/cert.pem bind :80 use_backend be_dummy if !{ ssl_fc } default_backend be_myapp backend be_myapp http-response set-header Strict-Transport-Security max-age=16000000;\ includeSubDomains;\ preload; server s1 10.0.0.1:80 be_dummy server haproxy_fe_dummy_ssl_redirect 127.0.0.1:8000 frontend fe_dummy bind 127.0.0.1:8000 http-request redirect scheme https I don't see how is the hsts header being inserted in the redirect?
