LumeWeb
/
tusd
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Enable OCSP stapling for master.tus.io

This commit is contained in:
Marius 2016-11-09 22:56:15 +01:00
parent 2ef7e5c975
commit 25771dfbcd
1 changed files with 9 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
.infra/files/nginx.conf
View File

@ -5,13 +5,20 @@ server {
listen 443 ssl;
listen [::]:443 ipv6only=on ssl;
ssl_certificate /etc/letsencrypt/live/master.tus.io/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/master.tus.io/privkey.pem;
ssl_certificate /etc/letsencrypt/live/master.tus.io/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/master.tus.io/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/master.tus.io/fullchain.pem;
# Load custom parameters for Diffie Hellman key exchange to avoid the usage
# of common primes
ssl_dhparam /etc/nginx/dhparams.pem;
# Enable OCSP stapling which allows clients to verify that our certificate
# is not revoked without contacting the Certificate Authority by appending a
# CA-signed promise, that it's still valid, to the TLS handshake response.
ssl_stapling on;
ssl_stapling_verify on;
server_name master.tus.io;
# certbot will place the files required for the HTTP challenge in the