mirror of
https://github.com/thib8956/nginx-proxy
synced 2024-12-25 03:56:31 +00:00
Remove OCSP stapling
Looks like it was not actually working before and failing silently because ssl_trusted_certificate was not specified. Will need to revisit implementing this functionality so removing it for now to prevent the warnings logged by nginx now.
This commit is contained in:
parent
3c5843264e
commit
080a5157e6
@ -82,7 +82,7 @@ and `CERT_NAME=shared` will then use this shared cert.
|
||||
|
||||
The SSL cipher configuration is based on [mozilla nginx intermediate profile](https://wiki.mozilla.org/Security/Server_Side_TLS#Nginx) which
|
||||
should provide compatibility with clients back to Firefox 1, Chrome 1, IE 7, Opera 5, Safari 1,
|
||||
Windows XP IE8, Android 2.3, Java 7. The configuration also enables OCSP stapling, HSTS, and SSL
|
||||
Windows XP IE8, Android 2.3, Java 7. The configuration also enables HSTS, and SSL
|
||||
session caches.
|
||||
|
||||
The behavior for the proxy when port 80 and 443 are exposed is as follows:
|
||||
|
@ -96,8 +96,6 @@ server {
|
||||
ssl_prefer_server_ciphers on;
|
||||
ssl_session_timeout 5m;
|
||||
ssl_session_cache shared:SSL:50m;
|
||||
ssl_stapling on;
|
||||
ssl_stapling_verify on;
|
||||
|
||||
ssl_certificate /etc/nginx/certs/{{ (printf "%s.crt" $cert) }};
|
||||
ssl_certificate_key /etc/nginx/certs/{{ (printf "%s.key" $cert) }};
|
||||
|
Loading…
Reference in New Issue
Block a user