sumarsono.com
Take it with a grain of salt


HAProxy SSL A+

Posted on

Cara mendapatkan skor SSL A+ dari SSL Labs untuk haproxy

global section, tambahkan:

    ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets

frontend https, tambahkan:

    bind *:443 ssl crt /etc/ssl/jekyll.nalakawula.com.pem alpn http/1.1,h2
    # HSTS header (1 year = 31540000 seconds)
    http-response set-header Strict-Transport-Security max-age=31540000