alanorth/ansible-personal
1
0
Fork 0
Code Issues 4 Pull Requests Projects Releases Wiki Activity

roles/nginx: Just enable OCSP

Browse Source 
I was attempting to make the config easier to use in test environments
where the key is self-signed, but meh, I rarely do that and I think
this logic doesn't actually work.

Signed-off-by: Alan Orth <alan.orth@gmail.com>
This commit is contained in:
Alan Orth 2015-03-22 19:04:50 +03:00
parent 9ce7ac72f9
commit ae8937eb96
1 changed files with 0 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
roles/nginx/templates/https.j2
View File

@ -14,13 +14,10 @@
ssl_ciphers "{{ tls_cipher_suite }}";
ssl_prefer_server_ciphers on;
{# don't use OCSP stapling if we're using a self-signed cert #}
{% if tls_cert is defined %}
# OCSP stapling...
ssl_stapling on;
ssl_stapling_verify on;
resolver 208.67.222.222 208.67.220.220;
{% endif %}
# nginx does not auto-rotate session ticket keys: only a HUP / restart will do so and
# when a restart is performed the previous key is lost, which resets all previous