Enable OCSP stapling for master.tus.io
This commit is contained in:
parent
2ef7e5c975
commit
25771dfbcd
|
@ -5,13 +5,20 @@ server {
|
|||
listen 443 ssl;
|
||||
listen [::]:443 ipv6only=on ssl;
|
||||
|
||||
ssl_certificate /etc/letsencrypt/live/master.tus.io/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/master.tus.io/privkey.pem;
|
||||
ssl_certificate /etc/letsencrypt/live/master.tus.io/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/master.tus.io/privkey.pem;
|
||||
ssl_trusted_certificate /etc/letsencrypt/live/master.tus.io/fullchain.pem;
|
||||
|
||||
# Load custom parameters for Diffie Hellman key exchange to avoid the usage
|
||||
# of common primes
|
||||
ssl_dhparam /etc/nginx/dhparams.pem;
|
||||
|
||||
# Enable OCSP stapling which allows clients to verify that our certificate
|
||||
# is not revoked without contacting the Certificate Authority by appending a
|
||||
# CA-signed promise, that it's still valid, to the TLS handshake response.
|
||||
ssl_stapling on;
|
||||
ssl_stapling_verify on;
|
||||
|
||||
server_name master.tus.io;
|
||||
|
||||
# certbot will place the files required for the HTTP challenge in the
|
||||
|
|
Loading…
Reference in New Issue