def upgrade():
config = Configuration()
session = Session()
backends = session.query(Backend).\
filter(Backend.servers.contains('ssl')).\
filter(not_(Backend.servers.contains('verify none'))).\
all()
for backend in backends:
backend.servers += ' verify none'
session.commit()
config.write(restart=False)
def upgrade():
config = Configuration()
session = Session()
frontend = session.query(Frontend).\
filter_by(name='https',
binds=':5443 ssl crt /usr/local/haproxy/var/crt/default.pem',
options=r'option http-server-close,option forwardfor,rspirep ^Location:\ http://(.*)$ Location:\ https://\1').\
first()
if frontend:
frontend.binds += ' ciphers AESGCM+AES128:AES128:AESGCM+AES256:AES256:RSA+RC4+SHA:!RSA+AES:!CAMELLIA:!aECDH:!3DES:!DSS:!PSK:!SRP:!aNULL no-sslv3'
frontend.options += r', rspadd Strict-Transport-Security:\ max-age=31536000;\ includeSubDomains'
session.commit()
config.write(restart=False)
