This snippet shows you how to add a header to a haproxy response, for example, the HSTS header (http strict transport security).

This snippet was tested on haproxy 1.5.

This snippet is tested on a Digital Ocean VPS. If you like this snippet and want to support me, plus get free credit @ DO, use this link to order a Digital Ocean VPS: https://www.digitalocean.com/?refcode=7435ae6b8212

This for example can be used when haproxy is used for ssl offloading and you want to offer hsts, while the backends not support it.

The following config is required in a frontend section:

<code>frontend example-frontend
  reqadd X-Forwarded-Proto:\ https
  rspadd Strict-Transport-Security:\ max-age=31536000;\ includeSubDomains
  default_backend example-backend
</code>

The important part is:

<code>
rspadd Strict-Transport-Security:\ max-age=31536000;\ includeSubDomains
</code>

This adds the header to every response haproxy sends to a client.

More Info: http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#rspadd
----
Aby bolo možné interaktívne rozhodovať, ktoré služby sa počas štartu systému spustia je nutné nastaviť nasledovné hodnoty v rc.conf a pri štarte stisnúť "I"
<file ini rc.conf>
RC_INTERACTIVE="yes"
</file>
----

Pre bezpečný SSH server je vhodné podporovať len curve25519 a DH256 pre kompatibilitu.
<code>KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256</code>