From 0dd4459799d5de01e08a8636fb6d0709f449ab15 Mon Sep 17 00:00:00 2001 From: sakkiii Date: Sat, 15 May 2021 16:01:49 +0530 Subject: [PATCH] matrix_nginx_proxy_ocsp_stapling_enabled variable added --- roles/matrix-nginx-proxy/defaults/main.yml | 24 +++++++++++----------- 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index 63f555623..be15ff609 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml @@ -279,18 +279,6 @@ matrix_nginx_proxy_proxy_domain_additional_server_configuration_blocks: [] # Of course, a better solution is to just stop using browsers (like Chrome), which participate in such tracking practices. matrix_nginx_proxy_floc_optout_enabled: true -# OCSP Stapling eliminating the need for clients to contact the CA, with the aim of improving both security and performance. -# OCSP stapling can provide a performance boost of up to 30% -# nginx web server supports OCSP stapling since version 1.3.7. -# -# *warning* Nginx is lazy loading OCSP responses, which means that for the first few web requests it is unable to add the OCSP response. -# -# Learn more about what it is here: -# - https://en.wikipedia.org/wiki/OCSP_stapling -# - https://blog.cloudflare.com/high-reliability-ocsp-stapling/ -# - https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/ -matrix_nginx_proxy_ocsp_stapling_enabled: true - # Specifies the SSL configuration that should be used for the SSL protocols and ciphers # This is based on the Mozilla Server Side TLS Recommended configurations. # @@ -397,6 +385,18 @@ matrix_ssl_log_dir_path: "{{ matrix_ssl_base_path }}/log" matrix_ssl_pre_obtaining_required_service_name: ~ matrix_ssl_pre_obtaining_required_service_start_wait_time_seconds: 60 +# OCSP Stapling eliminating the need for clients to contact the CA, with the aim of improving both security and performance. +# OCSP stapling can provide a performance boost of up to 30% +# nginx web server supports OCSP stapling since version 1.3.7. +# +# *warning* Nginx is lazy loading OCSP responses, which means that for the first few web requests it is unable to add the OCSP response. +# +# Learn more about what it is here: +# - https://en.wikipedia.org/wiki/OCSP_stapling +# - https://blog.cloudflare.com/high-reliability-ocsp-stapling/ +# - https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/ +matrix_nginx_proxy_ocsp_stapling_enabled: true + # nginx status page configurations. matrix_nginx_proxy_proxy_matrix_nginx_status_enabled: false matrix_nginx_proxy_proxy_matrix_nginx_status_allowed_addresses: ['{{ ansible_default_ipv4.address }}']