From c38088dcdd76c7a75e63bdfd6a7867e45451a39f Mon Sep 17 00:00:00 2001
From: Franco Fichtner <franco@opnsense.org>
Date: Fri, 8 Dec 2017 06:37:07 +0100
Subject: [PATCH] net/haproxy: merge version 2.1 from master

---
 net/haproxy/Makefile                                        | 2 +-
 .../service/templates/OPNsense/HAProxy/haproxy.conf         | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/net/haproxy/Makefile b/net/haproxy/Makefile
index ca3a4105f..91751fc0d 100644
--- a/net/haproxy/Makefile
+++ b/net/haproxy/Makefile
@@ -1,5 +1,5 @@
 PLUGIN_NAME=		haproxy
-PLUGIN_VERSION=		2.0
+PLUGIN_VERSION=		2.1
 PLUGIN_COMMENT=		Reliable, high performance TCP/HTTP load balancer
 PLUGIN_DEPENDS=		haproxy
 PLUGIN_MAINTAINER=	opnsense@moov.de
diff --git a/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf b/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf
index b6b70b8b0..dd8db755c 100644
--- a/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf
+++ b/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf
@@ -606,10 +606,10 @@ frontend {{frontend.name}}
 {%           if frontend.ssl_cipherList|default("") != "" %}
 {%             do ssl_options.append('ciphers ' ~ frontend.ssl_cipherList) %}
 {%           endif %}
-{%         endif %}
-{#         # HSTS #}
-{%         if frontend.ssl_hstsEnabled|default("") == '1' %}
+{#           # HSTS #}
+{%           if frontend.ssl_hstsEnabled|default("") == '1' and frontend.mode == 'http' %}
     http-response set-header Strict-Transport-Security max-age={{frontend.ssl_hstsMaxAge}}
+{%           endif %}
 {%         endif %}
 {%       endif %}
 {#       # bind/listen configuration #}