DTSV/Ansible
1
0
Fork 0
Code Issues Pull Requests Releases Activity

Compare commits

base: DTSV:c818db0f1b9788c0157a637e0736f7f5db52260a
Branches Tags
DTSV:main
...
compare: DTSV:main
Branches Tags
DTSV:main

1 Commits
c818db0f1b ... main

Author SHA1 Message Date
Oli
e376193480 remove deprecated nginx config options 
This commit removes the Nginx configuration options related to OCSP stapling and OCSP Must-Staple.
Let's Encrypt is discontinuing OCSP support in favor of CRLs (Certificate Revocation Lists) to improve privacy and simplify infrastructure.
 2025-07-01 18:06:15 +00:00
1 changed files with 1 additions and 5 deletions
Expand all files Collapse all files

4
roles/nginx/templates/ssl.conf.j2
View File

@@ -6,10 +6,6 @@
ssl_prefer_server_ciphers off; ssl_prefer_server_ciphers off;
ssl_early_data on; ssl_early_data on;
ssl_dhparam {{ nginx_ssl_dhparam }}; ssl_dhparam {{ nginx_ssl_dhparam }};
# OCSP Stapling fetch OCSP records from URL in ssl_certificate and cache them
ssl_stapling on;
ssl_stapling_verify on;
resolver 1.1.1.1 1.0.0.1 [2606:4700:4700::1111] [2606:4700:4700::1001];
# SSL session handling # SSL session handling
ssl_session_cache shared:SSL:10m; ssl_session_cache shared:SSL:10m;
ssl_session_timeout 1d; ssl_session_timeout 1d;