Fix yet another typo

[mirror/dsa-puppet.git] / modules / roles / templates / snapshot / haproxy.cfg.erb

diff --git a/modules/roles/templates/snapshot/haproxy.cfg.erb b/modules/roles/templates/snapshot/haproxy.cfg.erb
index 5534a4e..b711534 100644 (file)
--- a/modules/roles/templates/snapshot/haproxy.cfg.erb
+++ b/modules/roles/templates/snapshot/haproxy.cfg.erb
@@ -27,9 +27,10 @@ defaults
        mode    http
        option  httplog
        option  dontlognull
-        timeout connect 5000
-        timeout client  50000
-        timeout server  50000
+       option  forwardfor
+       timeout connect 5000
+       timeout client  50000
+       timeout server  50000
        errorfile 400 /etc/haproxy/errors/400.http
        errorfile 403 /etc/haproxy/errors/403.http
        errorfile 408 /etc/haproxy/errors/408.http
@@ -49,6 +50,10 @@ frontend front_ssl
        default_backend backend
 
        option http-keep-alive
+       # We rate-limit requests by clients.
+       #  Currently, we do that at the netfilter level, so one
+       #  request per connection works best.
+       option httpclose
        #option redispatch
 
 backend backend
@@ -60,5 +65,5 @@ backend backend
 
        server varnish 127.0.0.1:6081
 
-       #http-response set-header Strict-Transport-Security "max-age=15768000; preload"
+       http-response set-header Strict-Transport-Security "max-age=15768000; preload"
        #http-response del-header Server