From 0f674236fa8b47ef351ce3d13c0431e6400fb3fd Mon Sep 17 00:00:00 2001
From: nutra-bot
Date: Mon, 17 Apr 2023 14:37:18 +0000
Subject: [PATCH] enable ssl stapling (OCSP), see cert: https://letsencrypt.org/certificates/

---
 etc/nginx/sites-available/default | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/etc/nginx/sites-available/default b/etc/nginx/sites-available/default
index d342e98..ba9e3de 100644
--- a/etc/nginx/sites-available/default
+++ b/etc/nginx/sites-available/default
@@ -11,6 +11,9 @@ server {
 listen 443 ssl http2 default_server;
 listen [::]:443 ssl ipv6only=on; # managed by Certbot
 add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+ ssl_stapling on;
+ ssl_stapling_verify on;
+ ssl_trusted_certificate /etc/ssl/private/ca-certs.pem;
 # ssl_protocols TLSv1 TLSv1.1; # support legacy browsers
 # ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
 
-- 
2.52.0
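Review bot: The added `ssl_trusted_certificate /etc/ssl/private/ca-certs.pem;` points at a file this patch does not create, so nginx fails its config test on any host where it is missing, and a hand-maintained chain goes stale when the CA rotates intermediates, at which point `ssl_stapling_verify on` rejects the responses and stapling quietly stops. Since the listener is Certbot-managed, pointing at the chain Certbot renews, e.g. `ssl_trusted_certificate /etc/letsencrypt/live/<your-domain>/chain.pem;`, keeps it current; a public CA bundle also does not belong under `/etc/ssl/private`, which is conventionally reserved for keys. No `resolver` is visible in this hunk, and nginx needs one to look up the OCSP responder host, so confirm it is set in the enclosing `http` or `server` block (which continues outside the hunk) or add `resolver <trusted-resolver-ip> valid=300s;`. Let's Encrypt has since announced the end of its OCSP service, so on certificates issued without a responder URL these directives are ignored with a warning and should be revisited.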