From 8a922478ef96a60b873594f03c6820e172bfc108 Mon Sep 17 00:00:00 2001
From: nyanloutre <paul@nyanlout.re>
Date: Fri, 13 Apr 2018 16:11:15 +0200
Subject: [PATCH] Hardening HAproxy

---
 haproxy-acme.nix | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/haproxy-acme.nix b/haproxy-acme.nix
index 221babf54..69ebf9c45 100644
--- a/haproxy-acme.nix
+++ b/haproxy-acme.nix
@@ -56,10 +56,11 @@ userlist LOUTRE
   user paul password $6$6rDdCtzSVsAwB6KP$V8bR7KP7FSL2BSEh6n3op6iYhAnsVSPI2Ar3H6MwKrJ/lZRzUI8a0TwVBD2JPnAntUhLpmRudrvdq2Ls2odAy.
 frontend public
   bind :::80 v4v6
-  bind :::443 v4v6 ssl crt /var/lib/acme/${cfg.domaine}/full.pem
+  bind :::443 v4v6 ssl crt /var/lib/acme/${cfg.domaine}/full.pem alpn h2,http/1.1
   mode http
   acl letsencrypt-acl path_beg /.well-known/acme-challenge/
   redirect scheme https code 301 if !{ ssl_fc } !letsencrypt-acl
+  http-response set-header Strict-Transport-Security max-age=15768000
   use_backend letsencrypt-backend if letsencrypt-acl
 
 ${concatStrings (