increase timeout and enable HST

2021-08-28 00:32:15 -04:00 · 2021-08-28 00:32:15 -04:00 · 9d04ba4d77
parent cce2b7cb56
commit 9d04ba4d77
2 changed files with 17 additions and 2 deletions
--- a/group_vars/lb.yml
+++ b/group_vars/lb.yml
@ -6,9 +6,21 @@ haproxy:
          - code.badjware.dev
          - drone.badjware.dev
        dst:
+          - 192.168.20.20
          - 192.168.20.21
          - 192.168.20.22
          - 192.168.20.23
+      # - src:
+      #     - kubernetes-dashboard.badjnet.home
+      #     - traefik.badjnet.home
+      #     - longhorn.badjnet.home
+      #     - grafana.badjnet.home
+      #     - prometheus.badjnet.home
+      #   dst:
+      #     - 192.168.20.20
+      #     - 192.168.20.21
+      #     - 192.168.20.22
+      #     - 192.168.20.23
    tcp:
      - src: "30022"
        dst:
--- a/roles/haproxy/templates/haproxy.cfg
+++ b/roles/haproxy/templates/haproxy.cfg
@ -8,8 +8,8 @@ global

 defaults
    timeout connect 5s
-    timeout client 30s
-    timeout server 30s
+    timeout client 120s
+    timeout server 120s
    log global

    default-server init-addr last,none resolvers dns
@ -47,6 +47,9 @@ frontend https_in
    # force https
    http-request redirect scheme https unless { ssl_fc }

+    # set HSTS
+    http-response set-header Strict-Transport-Security "max-age=15552000; includeSubDomains;"
+
    # request is ssl
    # tcp-request inspect-delay 5s
    # tcp-request content accept if { req.ssl_hello_type 1  }