authorRobert Göhler <github@ghlr.de>2024-05-28 12:12:40 +0200
committerGitHub <noreply@github.com>2024-05-28 12:12:40 +0200
commite5dde95b686686fa7cd843834ffe4eac67cba9bf (patch)
tree30e808abc8d68425082da8198485caf1537fbc68
parentd9fef261e770cb45d5f02ae5e448590c7f6fead1 (diff)
parent3249752e6d9c9965cf47b20b9434a293d1b728da (diff)
Merge pull request #1463 from Embezzle/T6370
reverse-proxy: T6370: Documented usage of http-response-headers option
-rw-r--r--docs/configuration/loadbalancing/reverse-proxy.rst12
1 files changed, 12 insertions, 0 deletions
diff --git a/docs/configuration/loadbalancing/reverse-proxy.rst b/docs/configuration/loadbalancing/reverse-proxy.rst
index 970e084e..044d2044 100644
--- a/docs/configuration/loadbalancing/reverse-proxy.rst
+++ b/docs/configuration/loadbalancing/reverse-proxy.rst
@@ -45,6 +45,11 @@ Service
Set SSL certificate <name> for service <name>
+.. cfgcmd:: set load-balancing reverse-proxy service <name>
+ http-response-headers <header-name> value <header-value>
+
+ Set custom HTTP headers to be included in all responses
+
Rules
^^^^^
@@ -155,6 +160,11 @@ Backend
Configure requests to the backend server to use SSL encryption without
validating server certificate
+.. cfgcmd:: set load-balancing reverse-proxy backend <name>
+ http-response-headers <header-name> value <header-value>
+
+ Set custom HTTP headers to be included in all responses using the backend
+
HTTP health check
^^^^^^^^^^^^^^^^^
@@ -291,6 +301,7 @@ HTTPS.
The ``https`` service listens on port 443 with backend ``bk-default`` to
handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination.
+HSTS header is set with a 1-year expiry, to tell browsers to always use SSL for site.
Rule 10 matches requests with the exact URL path ``/.well-known/xxx``
and redirects to location ``/certs/``.
@@ -313,6 +324,7 @@ connection limit of 4000 and a minimum TLS version of 1.3.
set load-balancing reverse-proxy service https mode 'http'
set load-balancing reverse-proxy service https port '443'
set load-balancing reverse-proxy service https ssl certificate 'cert'
+ set load-balancing reverse-proxy service https http-response-headers Strict-Transport-Security value 'max-age=31536000'
set load-balancing reverse-proxy service https rule 10 url-path exact '/.well-known/xxx'
set load-balancing reverse-proxy service https rule 10 set redirect-location '/certs/'