self-hosted/Mailu
1
0
Fork 0
mirror of https://github.com/Mailu/Mailu.git synced 2025-11-27 22:18:22 +02:00
Code Issues Releases Activity

add OCSP stapling to nginx.conf

Browse Source 
It's not added in tls.conf, because apparently the mail ssl module
doesnt' support OCSP stapling.

https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_stapling
^ exists

https://nginx.org/en/docs/mail/ngx_mail_ssl_module.html#ssl_stapling
^ missing

When the configured certificate doesn't have OCSP information, it'll
just log a warning during startup.
This commit is contained in:
lub
2020-09-12 01:32:03 +02:00
parent 550065b043
commit 66db1f8fd0
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
core/nginx/conf/nginx.conf
View File

@@ -58,6 +58,8 @@ http {
listen [::]:443 ssl http2; listen [::]:443 ssl http2;
include /etc/nginx/tls.conf; include /etc/nginx/tls.conf;
ssl_stapling on;
ssl_stapling_verify on;
ssl_session_cache shared:SSLHTTP:50m; ssl_session_cache shared:SSLHTTP:50m;
add_header Strict-Transport-Security 'max-age=31536000'; add_header Strict-Transport-Security 'max-age=31536000';