alanorth/ansible-personal
1
0
Fork 0
Code Issues 4 Pull Requests Projects Releases Wiki Activity

roles/nginx: Only use Linode DNS resolvers for OCSP if it's a linode host

Browse Source 
Signed-off-by: Alan Orth <alan.orth@gmail.com>
This commit is contained in:
Alan Orth 2015-11-30 17:40:32 +02:00
parent 5f71991259
commit 60c37821d6
Signed by: alanorth
GPG Key ID: 0FB860CC9C45B1B9
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
roles/nginx/templates/https.j2
View File

@ -19,7 +19,12 @@
# OCSP stapling... # OCSP stapling...
ssl_stapling on; ssl_stapling on;
ssl_stapling_verify on; ssl_stapling_verify on;
{% if linode_id is defined %}
# use Linode internal DNS
resolver 109.74.192.20 109.74.193.20; resolver 109.74.192.20 109.74.193.20;
{% else %}
resolver 8.8.8.8 8.8.4.4;
{% endif %}
# nginx does not auto-rotate session ticket keys: only a HUP / restart will do so and # nginx does not auto-rotate session ticket keys: only a HUP / restart will do so and
# when a restart is performed the previous key is lost, which resets all previous # when a restart is performed the previous key is lost, which resets all previous