Struct FileHstsConfig 

pub struct FileHstsConfig {
    pub enabled: Option<bool>,
    pub max_age: Option<u32>,
    pub include_subdomains: Option<bool>,
    pub preload: Option<bool>,
    pub force_replace_backend: Option<bool>,
}

HSTS (HTTP Strict Transport Security, RFC 6797) policy as serialised under [https.listeners.default.hsts] (listener default) or [clusters.<id>.frontends.hsts] (per-frontend override).

enabled is REQUIRED whenever the block is present — its presence vs absence disambiguates “preserve current” / “explicit disable” / “enable” on hot-reconfig partial updates.

When enabled = true and max_age is omitted, sozu substitutes DEFAULT_HSTS_MAX_AGE (1 year) at config-load time.

Fields

enabled: Option<bool>

REQUIRED. true enables HSTS for this scope; false suppresses any inherited listener default (explicit-disable signal).

max_age: Option<u32>

Strict-Transport-Security: max-age=<seconds>. Optional — defaults to DEFAULT_HSTS_MAX_AGE when enabled = true. max_age = 0 is the RFC 6797 §11.4 kill switch and is allowed silently; 0 < max_age < 86400 warns at config-load.

include_subdomains: Option<bool>

Append ; includeSubDomains to the rendered header.

preload: Option<bool>

Append ; preload to the rendered header. Opt-in only — see RFC 6797 §14.2 and https://hstspreload.org/.

force_replace_backend: Option<bool>

Operator opt-in to override any backend-supplied Strict-Transport-Security header. RFC 6797 §6.1 default behaviour is to PRESERVE the backend’s value (sozu’s edit uses HeaderEditMode::SetIfAbsent). Set this to true to harden a stale or weak upstream HSTS policy centrally — the materialiser then uses HeaderEditMode::Set, replacing any backend STS with sozu’s rendered value.

Implementations

impl FileHstsConfig

pub fn to_proto(&self, scope: &str) -> Result<HstsConfig, ConfigError>

Validate and convert the file-level FileHstsConfig into the proto HstsConfig. scope is a human-readable string (e.g. “listener” or “frontend api/example.com”) surfaced into errors and warnings so the operator can pinpoint the offending block.

Validation:

• enabled is required when any other field is set (HstsEnabledRequired); the parser returns the typed error so callers can fail fast.
• enabled = true && max_age = None substitutes DEFAULT_HSTS_MAX_AGE.
• 0 < max_age < 86400 warns (likely misconfig — sub-day max-age is useful only for testing).
• preload = true with max_age < DEFAULT_HSTS_MAX_AGE or include_subdomains != Some(true) warns (the Chrome HSTS preload list will reject the host).
• max_age = 0 is allowed silently (RFC 6797 §11.4 kill switch).

Trait Implementations

impl Clone for FileHstsConfig

fn clone(&self) -> FileHstsConfig

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for FileHstsConfig

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl<'de> Deserialize<'de> for FileHstsConfig

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>

where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer.

impl Hash for FileHstsConfig

fn hash<__H: Hasher>(&self, state: &mut __H)

Feeds this value into the given Hasher.

fn hash_slice<H>(data: &[Self], state: &mut H)

where H: Hasher, Self: Sized,

Feeds a slice of this type into the given Hasher.

impl PartialEq for FileHstsConfig

fn eq(&self, other: &FileHstsConfig) -> bool

Tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl Serialize for FileHstsConfig

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>

where __S: Serializer,

Serialize this value into the given Serde serializer.

impl Eq for FileHstsConfig

impl StructuralPartialEq for FileHstsConfig