alanorth/ansible-personal
1
0
Fork 0
Code Issues 4 Pull Requests Projects Releases Wiki Activity

roles/nginx: Allow custom resolvers for TLS stapling

Browse Source 
Allows to specify custom DNS resolvers for TLS stapling, with a default
of Cloudflare's public DNS servers.
This commit is contained in:
Alan Orth
2018-04-30 18:04:17 +03:00
parent bda95b6a1c
commit 0a39051a95
2 changed files with 5 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
roles/nginx/templates/https.j2
View File

@ -35,12 +35,7 @@
# OCSP stapling...
ssl_stapling on;
ssl_stapling_verify on;
{% if linode_id is defined %}
# use Linode internal DNS
resolver 139.162.139.5 139.162.130.5 [2a01:7e01::5] [2a01:7e01::6];
{% else %}
resolver 1.1.1.1 1.0.0.1 [2606:4700:4700::1111] [2606:4700:4700::1001];
{% endif %} {# end: linode_id #}
resolver {{ nginx_ssl_stapling_resolver }};
{% endif %} {# end: use_letsencrypt #}
# nginx does not auto-rotate session ticket keys: only a HUP / restart will do so and