1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-20 04:31:52 +00:00
nixpkgs/nixos/modules/services/web-servers
Vincent Bernat 1251b34b5b nixos/nginx: ensure TLS OCSP stapling works out of the box with LE
The recommended TLS configuration comes with `ssl_stapling on` and
`ssl_stapling_verify on`. However, this last directive also requires
the use of `ssl_trusted_certificate` to verify the received answer.
When using `enableACME` or similar, we can help the user by providing
the correct value for the directive.

The result can be tested with:

    openssl s_client -connect web.example.com:443 -status 2> /dev/null

Without OCSP stapling, we get:

    OCSP response: no response sent

After this change, we get:

    OCSP Response Data:
        OCSP Response Status: successful (0x0)
        Response Type: Basic OCSP Response
        Version: 1 (0x0)
        Responder Id: C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
        Produced At: Aug 30 20:46:00 2018 GMT
2018-08-30 22:47:41 +02:00
..
apache-httpd [bot] nixos/*: remove unused arguments in lambdas 2018-07-20 20:56:59 +00:00
hitch nixos/modules: users.(extraUsers|extraGroup->users|group) 2018-06-30 03:02:58 +02:00
jboss JBoss AS: list known vulnerability 2017-03-13 18:45:19 +01:00
lighttpd inginious: remove 2018-07-19 17:31:40 +02:00
nginx nixos/nginx: ensure TLS OCSP stapling works out of the box with LE 2018-08-30 22:47:41 +02:00
phpfpm phpfpm service: allow netlink sockets for sendmail 2017-08-29 00:41:31 +02:00
varnish nixos/modules: users.(extraUsers|extraGroup->users|group) 2018-06-30 03:02:58 +02:00
caddy.nix Revert "nixos: rename system.{stateVersion,defaultChannel} -> system.nixos.\1" 2018-07-28 00:12:55 +03:00
fcgiwrap.nix fcgiwrap module: use enum 2016-11-04 13:04:52 +09:00
hydron.nix nixos/hydron: Various tweaks 2018-08-15 22:00:13 -05:00
meguca.nix nixos/meguca: Various fixes 2018-08-03 10:59:06 -05:00
mighttpd2.nix nixos/modules: users.(extraUsers|extraGroup->users|group) 2018-06-30 03:02:58 +02:00
minio.nix nixos/modules: users.(extraUsers|extraGroup->users|group) 2018-06-30 03:02:58 +02:00
shellinabox.nix shellinabox service: intial implementation 2015-07-04 21:18:13 +12:00
tomcat.nix Merge pull request #44371 from pvgoran/tomcat-webapps-listOfPaths 2018-08-02 23:32:33 +02:00
traefik.nix nixos/modules: users.(extraUsers|extraGroup->users|group) 2018-06-30 03:02:58 +02:00
uwsgi.nix [bot]: remove unreferenced code 2018-07-20 18:48:37 +00:00
winstone.nix winstone module: optionSet -> submodule 2016-09-13 12:53:12 +09:00
zope2.nix [bot] nixos/*: remove unused arguments in lambdas 2018-07-20 20:56:59 +00:00