alioth/nixpkgs
3
0
Fork 0
forked from mirrors/nixpkgs
Code Releases Activity
nixpkgs/nixos/modules/services
History
Vincent Bernat 1251b34b5b nixos/nginx: ensure TLS OCSP stapling works out of the box with LE 
The recommended TLS configuration comes with `ssl_stapling on` and
`ssl_stapling_verify on`. However, this last directive also requires
the use of `ssl_trusted_certificate` to verify the received answer.
When using `enableACME` or similar, we can help the user by providing
the correct value for the directive.

The result can be tested with:

    openssl s_client -connect web.example.com:443 -status 2> /dev/null

Without OCSP stapling, we get:

    OCSP response: no response sent

After this change, we get:

    OCSP Response Data:
        OCSP Response Status: successful (0x0)
        Response Type: Basic OCSP Response
        Version: 1 (0x0)
        Responder Id: C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
        Produced At: Aug 30 20:46:00 2018 GMT
2018-08-30 22:47:41 +02:00
..
admin nixos/modules: users.(extraUsers|extraGroup->users|group) 2018-06-30 03:02:58 +02:00
amqp nixos/modules: users.(extraUsers|extraGroup->users|group) 2018-06-30 03:02:58 +02:00
audio nixos/mpd: allow storage plugins in musicDirectory 2018-08-03 21:36:38 +02:00
backup Merge pull request #44332 from jerith666/restic-s3-default 2018-08-01 22:56:12 -04:00
cluster nixos/kubernetes: fix kubelet cgroup stats 2018-07-31 15:45:37 +02:00
computing nixos/slurm: remove propagatedBuidInputs from slurmWrapped 2018-06-02 14:01:24 +02:00
continuous-integration [bot] nixos/*: remove unused arguments in lambdas 2018-07-20 20:56:59 +00:00
databases cassandra: rewrote service from scratch 2018-08-07 14:48:43 +00:00
desktops Merge pull request #45107 from mnacamura/lightdm-accountsservice 2018-08-16 17:15:05 +02:00
development nixos/jupyter: init service 2018-08-26 12:00:54 +02:00
editors libinfinity: modernize expression 2018-08-08 01:40:26 +02:00
games nixos/terraria: Wait for daemon to stop 2018-08-20 21:41:29 +02:00
hardware nixos/undervolt: adding undervolt module 2018-08-20 21:01:19 +10:00
logging Merge branch 'master' into es6 2018-08-23 23:41:27 +02:00
mail [bot] nixos/*: remove unused arguments in lambdas 2018-07-20 20:56:59 +00:00
misc nixos/gitea: Symlink gitea locales to match running gitea version 2018-08-25 09:19:53 +02:00
monitoring nixos/zabbix: fix initial database creation (#45750) 2018-08-30 08:25:13 +01:00
network-filesystems Merge pull request #44238 from jfrankenau/samba-conf-override 2018-08-16 16:56:24 +02:00
networking Merge pull request #45058 from michaelpj/imp/freedesktop-modules 2018-08-30 16:14:35 +01:00
printing nixos/cupsd: add option to start when needed 2018-07-14 23:39:43 +02:00
scheduling nixos/modules: users.(extraUsers|extraGroup->users|group) 2018-06-30 03:02:58 +02:00
search elasticsearch-curator: include the module in the module-list & fix bug 2018-08-25 18:53:10 +02:00
security nixos/cfssl: don't create user/group unless service is enabled 2018-08-21 16:24:31 -04:00
system Merge pull request #44820 from michaelpj/fix/redshift-geoclue-agents 2018-08-14 17:13:09 +02:00
torrent [bot] nixos/*: remove unused arguments in lambdas 2018-07-20 20:56:59 +00:00
ttys [bot] treewide: remove unused 'inherit' in let blocks 2018-07-20 19:38:19 +00:00
web-apps youtrack: 2018.1.41051 -> 2018.2.44329 2018-08-09 21:46:21 +03:00
web-servers nixos/nginx: ensure TLS OCSP stapling works out of the box with LE 2018-08-30 22:47:41 +02:00
x11 Merge pull request #45058 from michaelpj/imp/freedesktop-modules 2018-08-30 16:14:35 +01:00