X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Froles%2Ftemplates%2Fsnapshot%2Fhaproxy.cfg.erb;h=b7115349dfd495b90dca8c745875821d19a0a654;hb=99d5cc2a59e287389ddf62fbc9708bf7478875e5;hp=5534a4ee045b7bbe10021978ca497d538e97810e;hpb=8d38f75440f0a903a4e2630b076a8d090a59b47e;p=mirror%2Fdsa-puppet.git

diff --git a/modules/roles/templates/snapshot/haproxy.cfg.erb b/modules/roles/templates/snapshot/haproxy.cfg.erb
index 5534a4ee0..b7115349d 100644
--- a/modules/roles/templates/snapshot/haproxy.cfg.erb
+++ b/modules/roles/templates/snapshot/haproxy.cfg.erb
@@ -27,9 +27,10 @@ defaults
 	mode	http
 	option	httplog
 	option	dontlognull
-        timeout connect 5000
-        timeout client  50000
-        timeout server  50000
+	option	forwardfor
+	timeout	connect 5000
+	timeout	client  50000
+	timeout	server  50000
 	errorfile 400 /etc/haproxy/errors/400.http
 	errorfile 403 /etc/haproxy/errors/403.http
 	errorfile 408 /etc/haproxy/errors/408.http
@@ -49,6 +50,10 @@ frontend front_ssl
 	default_backend backend
 
 	option http-keep-alive
+	# We rate-limit requests by clients.
+	#  Currently, we do that at the netfilter level, so one
+	#  request per connection works best.
+	option httpclose
 	#option redispatch
 
 backend backend
@@ -60,5 +65,5 @@ backend backend
 
 	server varnish 127.0.0.1:6081
 
-	#http-response set-header Strict-Transport-Security "max-age=15768000; preload"
+	http-response set-header Strict-Transport-Security "max-age=15768000; preload"
 	#http-response del-header Server