From bb7e2b0e88bd1d2a041dd562e707f790e66d6c99 Mon Sep 17 00:00:00 2001 From: Aaron Hurt Date: Fri, 26 Jan 2018 12:02:06 -0600 Subject: [PATCH] adding markdown docs and config load test --- config/load_test.go | 21 +++++++++++++++++++ docs/content/ref/proxy.header.sts.maxage.md | 11 ++++++++++ docs/content/ref/proxy.header.sts.preload.md | 17 +++++++++++++++ .../ref/proxy.header.sts.subdomains.md | 11 ++++++++++ fabio.properties | 2 +- 5 files changed, 61 insertions(+), 1 deletion(-) create mode 100644 docs/content/ref/proxy.header.sts.maxage.md create mode 100644 docs/content/ref/proxy.header.sts.preload.md create mode 100644 docs/content/ref/proxy.header.sts.subdomains.md diff --git a/config/load_test.go b/config/load_test.go index f74610911..77e60e312 100644 --- a/config/load_test.go +++ b/config/load_test.go @@ -390,6 +390,27 @@ func TestLoad(t *testing.T) { return cfg }, }, + { + args: []string{"-proxy.header.sts.maxage", "31536000"}, + cfg: func(cfg *Config) *Config { + cfg.Proxy.STSHeader.MaxAge = 31536000 + return cfg + }, + }, + { + args: []string{"-proxy.header.sts.subdomains", "true"}, + cfg: func(cfg *Config) *Config { + cfg.Proxy.STSHeader.Subdomains = true + return cfg + }, + }, + { + args: []string{"-proxy.header.sts.preload", "true"}, + cfg: func(cfg *Config) *Config { + cfg.Proxy.STSHeader.Preload = true + return cfg + }, + }, { args: []string{"-proxy.gzip.contenttype", `^text/.*$`}, cfg: func(cfg *Config) *Config { diff --git a/docs/content/ref/proxy.header.sts.maxage.md b/docs/content/ref/proxy.header.sts.maxage.md new file mode 100644 index 000000000..6846edcc9 --- /dev/null +++ b/docs/content/ref/proxy.header.sts.maxage.md @@ -0,0 +1,11 @@ +--- +title: "proxy.header.sts.maxage" +--- + +`proxy.header.sts.maxage` enables and configures the max-age of HSTS for TLS requests. +When set greater than zero this enables the Strict-Transport-Security header +and sets the max-age value in the header. + +The default is + + proxy.header.sts.maxage = 0 diff --git a/docs/content/ref/proxy.header.sts.preload.md b/docs/content/ref/proxy.header.sts.preload.md new file mode 100644 index 000000000..274060047 --- /dev/null +++ b/docs/content/ref/proxy.header.sts.preload.md @@ -0,0 +1,17 @@ +--- +title: "proxy.header.sts.preload" +--- + +`proxy.header.sts.preload` instructs HSTS to include the preload directive. +When set to true, the 'preload' option will be added to the +Strict-Transport-Security header. + +Sending the preload directive from your site can have PERMANENT CONSEQUENCES +and prevent users from accessing your site and any of its subdomains if you +find you need to switch back to HTTP. Please read the details at +[https://hstspreload.org/#removal](https://hstspreload.org/#removal) +before sending the header with "preload". + +The default is + + proxy.header.sts.preload = false diff --git a/docs/content/ref/proxy.header.sts.subdomains.md b/docs/content/ref/proxy.header.sts.subdomains.md new file mode 100644 index 000000000..fde3da4f1 --- /dev/null +++ b/docs/content/ref/proxy.header.sts.subdomains.md @@ -0,0 +1,11 @@ +--- +title: "proxy.header.sts.subdomains" +--- + +`proxy.header.sts.subdomains` instructs HSTS to include subdomains. +When set to true, the 'includeSubDomains' option will be added to +the Strict-Transport-Security header. + +The default is + + proxy.header.sts.subdomains = false diff --git a/fabio.properties b/fabio.properties index 8f10865a0..def4ccd78 100644 --- a/fabio.properties +++ b/fabio.properties @@ -423,7 +423,7 @@ # Sending the preload directive from your site can have PERMANENT CONSEQUENCES # and prevent users from accessing your site and any of its subdomains if you # find you need to switch back to HTTP. Please read the details at -# hstspreload.appspot.com/#removal before sending the header with "preload". +# https://hstspreload.org/#removal before sending the header with "preload". # # The default is #