roles/nginx: Just enable OCSP

I was attempting to make the config easier to use in test environments
where the key is self-signed, but meh, I rarely do that and I think
this logic doesn't actually work.

Signed-off-by: Alan Orth <alan.orth@gmail.com>
This commit is contained in:
Alan Orth 2015-03-22 19:04:50 +03:00
parent 9ce7ac72f9
commit ae8937eb96

View File

@ -14,13 +14,10 @@
ssl_ciphers "{{ tls_cipher_suite }}"; ssl_ciphers "{{ tls_cipher_suite }}";
ssl_prefer_server_ciphers on; ssl_prefer_server_ciphers on;
{# don't use OCSP stapling if we're using a self-signed cert #}
{% if tls_cert is defined %}
# OCSP stapling... # OCSP stapling...
ssl_stapling on; ssl_stapling on;
ssl_stapling_verify on; ssl_stapling_verify on;
resolver 208.67.222.222 208.67.220.220; resolver 208.67.222.222 208.67.220.220;
{% endif %}
# nginx does not auto-rotate session ticket keys: only a HUP / restart will do so and # nginx does not auto-rotate session ticket keys: only a HUP / restart will do so and
# when a restart is performed the previous key is lost, which resets all previous # when a restart is performed the previous key is lost, which resets all previous