summaryrefslogtreecommitdiff
path: root/docs/configuration/loadbalancing
diff options
context:
space:
mode:
authorAlex W <embezzle.dev@proton.me>2024-05-27 23:07:31 +0100
committerAlex W <embezzle.dev@proton.me>2024-05-27 23:07:31 +0100
commit3249752e6d9c9965cf47b20b9434a293d1b728da (patch)
tree30e808abc8d68425082da8198485caf1537fbc68 /docs/configuration/loadbalancing
parentd9fef261e770cb45d5f02ae5e448590c7f6fead1 (diff)
downloadvyos-documentation-3249752e6d9c9965cf47b20b9434a293d1b728da.tar.gz
vyos-documentation-3249752e6d9c9965cf47b20b9434a293d1b728da.zip
reverse-proxy: T6370: Documented usage of http-response-headers option
Diffstat (limited to 'docs/configuration/loadbalancing')
-rw-r--r--docs/configuration/loadbalancing/reverse-proxy.rst12
1 files changed, 12 insertions, 0 deletions
diff --git a/docs/configuration/loadbalancing/reverse-proxy.rst b/docs/configuration/loadbalancing/reverse-proxy.rst
index 970e084e..044d2044 100644
--- a/docs/configuration/loadbalancing/reverse-proxy.rst
+++ b/docs/configuration/loadbalancing/reverse-proxy.rst
@@ -45,6 +45,11 @@ Service
Set SSL certificate <name> for service <name>
+.. cfgcmd:: set load-balancing reverse-proxy service <name>
+ http-response-headers <header-name> value <header-value>
+
+ Set custom HTTP headers to be included in all responses
+
Rules
^^^^^
@@ -155,6 +160,11 @@ Backend
Configure requests to the backend server to use SSL encryption without
validating server certificate
+.. cfgcmd:: set load-balancing reverse-proxy backend <name>
+ http-response-headers <header-name> value <header-value>
+
+ Set custom HTTP headers to be included in all responses using the backend
+
HTTP health check
^^^^^^^^^^^^^^^^^
@@ -291,6 +301,7 @@ HTTPS.
The ``https`` service listens on port 443 with backend ``bk-default`` to
handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination.
+HSTS header is set with a 1-year expiry, to tell browsers to always use SSL for site.
Rule 10 matches requests with the exact URL path ``/.well-known/xxx``
and redirects to location ``/certs/``.
@@ -313,6 +324,7 @@ connection limit of 4000 and a minimum TLS version of 1.3.
set load-balancing reverse-proxy service https mode 'http'
set load-balancing reverse-proxy service https port '443'
set load-balancing reverse-proxy service https ssl certificate 'cert'
+ set load-balancing reverse-proxy service https http-response-headers Strict-Transport-Security value 'max-age=31536000'
set load-balancing reverse-proxy service https rule 10 url-path exact '/.well-known/xxx'
set load-balancing reverse-proxy service https rule 10 set redirect-location '/certs/'