From: nutra-bot <nutradigest@gmail.com>
Date: Mon, 17 Apr 2023 14:37:18 +0000 (+0000)
Subject: enable ssl stapling (OCSP), see cert:
X-Git-Url: https://git.nutra.tk/v1?a=commitdiff_plain;h=0f674236fa8b47ef351ce3d13c0431e6400fb3fd;p=nutratech%2Fvps-root.git

enable ssl stapling (OCSP), see cert:

	https://letsencrypt.org/certificates/
---

diff --git a/etc/nginx/sites-available/default b/etc/nginx/sites-available/default
index d342e98..ba9e3de 100644
--- a/etc/nginx/sites-available/default
+++ b/etc/nginx/sites-available/default
@@ -11,6 +11,9 @@ server {
   listen 443 ssl http2 default_server;
   listen [::]:443 ssl ipv6only=on; # managed by Certbot
   add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+  ssl_stapling on;
+  ssl_stapling_verify on;
+  ssl_trusted_certificate /etc/ssl/private/ca-certs.pem;
   # ssl_protocols TLSv1 TLSv1.1; # support legacy browsers
   # ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";