31 lines
1.3 KiB
Django/Jinja
31 lines
1.3 KiB
Django/Jinja
{% extends 'common/haproxy_base.j2' %}
|
|
|
|
{% from "common/haproxy_macros.j2" import bind_ip_tls, web_security_options, acme_challenge, csp %}
|
|
|
|
{% block frontend %}
|
|
frontend {{ site_name }}
|
|
{{ bind_ip_tls(bind_ips, 443, tls_certificate_bundle) }}
|
|
|
|
|
|
timeout http-request 10s
|
|
timeout http-keep-alive 4s
|
|
option forwardfor
|
|
http-request set-header X-Forwarded-Proto https
|
|
http-request set-header X-Proxy-Authenticate "{{ eidas_proxy_auth }}"
|
|
|
|
{{ web_security_options(['no_frames', 'block_xss', 'hsts', 'no_sniff', 'no_cache']) }}
|
|
|
|
{{ csp(["default-src " + ["'self'"]|join(' '),
|
|
"font-src " + ["'self'", "fonts.googleapis.com", "fonts.gstatic.com"]|join(' '),
|
|
"script-src " + ["'self'", "'unsafe-inline'", "swedenconnect.status.io", "api.status.io", "www.google-analytics.com", "ajax.googleapis.com"]|join(' '),
|
|
"connect-src " + ["'self'","api.status.io"]|join(' '),
|
|
"img-src " + ["*", "data:", "'self'"]|join(' '),
|
|
"style-src " + ["'self'", "'unsafe-inline'", "fonts.googleapis.com"]|join(' '),
|
|
]) }}
|
|
|
|
{{ acme_challenge(letsencrypt_server) }}
|
|
|
|
{% block usebackend %}
|
|
use_backend {{ site_name }}__default
|
|
{% endblock usebackend %}
|
|
{% endblock frontend %}
|