No loophole in your website traffic

AbrahamAlgorithm · AbrahamAlgorithm · commit 0195edbe40a2 · 2024-03-08T02:16:13.000+01:00
diff --git a/0x10-https_ssl/100-redirect_http_to_https b/0x10-https_ssl/100-redirect_http_to_https
@@ -0,0 +1,51 @@
+global
+        log /dev/log    local0
+        log /dev/log    local1 notice
+        chroot /var/lib/haproxy
+        stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
+        stats timeout 30s
+        user haproxy
+        group haproxy
+        daemon
+
+        # Default SSL material locations
+        ca-base /etc/ssl/certs
+        crt-base /etc/ssl/private
+
+        # See: https://ssl-config.mozilla.org/#server=haproxy&server-version=2.0.3&config=intermediate
+        ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-S>
+        ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
+        ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets
+
+defaults
+        log     global
+        mode    http
+        option  httplog
+        option  dontlognull
+        timeout connect 5000
+        timeout client  50000
+        timeout server  50000
+        errorfile 400 /etc/haproxy/errors/400.http
+        errorfile 403 /etc/haproxy/errors/403.http
+        errorfile 408 /etc/haproxy/errors/408.http
+        errorfile 500 /etc/haproxy/errors/500.http
+        errorfile 502 /etc/haproxy/errors/502.http
+        errorfile 503 /etc/haproxy/errors/503.http
+        errorfile 504 /etc/haproxy/errors/504.http
+
+frontend abrahamalgorithm-frontend
+        bind *:80
+        mode http
+        http-request redirect scheme https code 301 unless { ssl_fc }
+        http-request set-header X_Forwarded-Proto http
+        default_backend abrahamalgorithm-backend
+
+frontend abrahamalgorithm-frontend-https
+        bind *:443 ssl crt /etc/haproxy/certs/www.abrahamalgorithm.tech.pem
+        http-request set-header X-Forwarded-Proto https
+        default_backend abrahamalgorithm-backend
+
+backend abrahamalgorithm-backend
+        balance roundrobin
+        server 157463-web-01 18.234.106.242:80 check
+        server 157463-web-02 54.160.83.214:80 check
