enable ssl stapling (OCSP), see cert:

author nutra-bot <nutradigest@gmail.com>

Mon, 17 Apr 2023 14:37:18 +0000 (14:37 +0000)

committer nutra-bot <nutradigest@gmail.com>

Mon, 17 Apr 2023 14:37:18 +0000 (14:37 +0000)
author nutra-bot <nutradigest@gmail.com>
Mon, 17 Apr 2023 14:37:18 +0000 (14:37 +0000)
committer nutra-bot <nutradigest@gmail.com>
Mon, 17 Apr 2023 14:37:18 +0000 (14:37 +0000)
diff --git a/etc/nginx/sites-available/default b/etc/nginx/sites-available/default

index d342e98f7f5561d7c55ef5ea00d02515eea3acd7..ba9e3de23d50c25a59862a9f8fac0fef4e9f4d71 100644 (file)
--- a/etc/nginx/sites-available/default
+++ b/etc/nginx/sites-available/default
@@ -11,6 +11,9 @@ server {
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+  ssl_stapling on;
+  ssl_stapling_verify on;
+  ssl_trusted_certificate /etc/ssl/private/ca-certs.pem;
    # ssl_protocols TLSv1 TLSv1.1; # support legacy browsers
    # ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
author	nutra-bot <nutradigest@gmail.com>
	Mon, 17 Apr 2023 14:37:18 +0000 (14:37 +0000)
committer	nutra-bot <nutradigest@gmail.com>
	Mon, 17 Apr 2023 14:37:18 +0000 (14:37 +0000)