예제 #1
0
def upgrade():
    config = Configuration()
    session = Session()
    backends = session.query(Backend).\
        filter(Backend.servers.contains('ssl')).\
        filter(not_(Backend.servers.contains('verify none'))).\
        all()
    for backend in backends:
        backend.servers += ' verify none'
    session.commit()
    config.write(restart=False)
예제 #2
0
def upgrade():
    config = Configuration()
    session = Session()
    frontend = session.query(Frontend).\
        filter_by(name='https',
                  binds=':5443 ssl crt /usr/local/haproxy/var/crt/default.pem',
                  options=r'option http-server-close,option forwardfor,rspirep ^Location:\ http://(.*)$ Location:\ https://\1').\
        first()
    if frontend:
        frontend.binds += ' ciphers AESGCM+AES128:AES128:AESGCM+AES256:AES256:RSA+RC4+SHA:!RSA+AES:!CAMELLIA:!aECDH:!3DES:!DSS:!PSK:!SRP:!aNULL no-sslv3'
        frontend.options += r', rspadd Strict-Transport-Security:\ max-age=31536000;\ includeSubDomains'
        session.commit()
        config.write(restart=False)