Enable OCSP stapling for master.tus.io
This commit is contained in:
parent
2ef7e5c975
commit
25771dfbcd
|
@ -5,13 +5,20 @@ server {
|
||||||
listen 443 ssl;
|
listen 443 ssl;
|
||||||
listen [::]:443 ipv6only=on ssl;
|
listen [::]:443 ipv6only=on ssl;
|
||||||
|
|
||||||
ssl_certificate /etc/letsencrypt/live/master.tus.io/fullchain.pem;
|
ssl_certificate /etc/letsencrypt/live/master.tus.io/fullchain.pem;
|
||||||
ssl_certificate_key /etc/letsencrypt/live/master.tus.io/privkey.pem;
|
ssl_certificate_key /etc/letsencrypt/live/master.tus.io/privkey.pem;
|
||||||
|
ssl_trusted_certificate /etc/letsencrypt/live/master.tus.io/fullchain.pem;
|
||||||
|
|
||||||
# Load custom parameters for Diffie Hellman key exchange to avoid the usage
|
# Load custom parameters for Diffie Hellman key exchange to avoid the usage
|
||||||
# of common primes
|
# of common primes
|
||||||
ssl_dhparam /etc/nginx/dhparams.pem;
|
ssl_dhparam /etc/nginx/dhparams.pem;
|
||||||
|
|
||||||
|
# Enable OCSP stapling which allows clients to verify that our certificate
|
||||||
|
# is not revoked without contacting the Certificate Authority by appending a
|
||||||
|
# CA-signed promise, that it's still valid, to the TLS handshake response.
|
||||||
|
ssl_stapling on;
|
||||||
|
ssl_stapling_verify on;
|
||||||
|
|
||||||
server_name master.tus.io;
|
server_name master.tus.io;
|
||||||
|
|
||||||
# certbot will place the files required for the HTTP challenge in the
|
# certbot will place the files required for the HTTP challenge in the
|
||||||
|
|
Loading…
Reference in New Issue