forked from mirrors/nixpkgs
nixpkgs/nixos/modules/services/web-servers/nginx
Vincent Bernat 1251b34b5b nixos/nginx: ensure TLS OCSP stapling works out of the box with LE
The recommended TLS configuration comes with `ssl_stapling on` and
`ssl_stapling_verify on`. However, this last directive also requires
the use of `ssl_trusted_certificate` to verify the received answer.
When using `enableACME` or similar, we can help the user by providing
the correct value for the directive.

The result can be tested with:

    openssl s_client -connect web.example.com:443 -status 2> /dev/null

Without OCSP stapling, we get:

    OCSP response: no response sent

After this change, we get:

    OCSP Response Data:
        OCSP Response Status: successful (0x0)
        Response Type: Basic OCSP Response
        Version: 1 (0x0)
        Responder Id: C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
        Produced At: Aug 30 20:46:00 2018 GMT
2018-08-30 22:47:41 +02:00
default.nix nixos/nginx: ensure TLS OCSP stapling works out of the box with LE 2018-08-30 22:47:41 +02:00
gitweb.nix nixos/gitweb: add gitwebTheme option 2018-04-17 20:07:01 +03:00
location-options.nix nginx module: add option for proxying websocket requests 2017-08-30 21:01:52 +02:00
vhost-options.nix nixos/nginx: ensure TLS OCSP stapling works out of the box with LE 2018-08-30 22:47:41 +02:00