From 8f427fb6163ae0e710d001a530c60ec90fa694e3 Mon Sep 17 00:00:00 2001
From: Aditya Patadia
Date: Fri, 10 Feb 2023 13:11:38 +0530
Subject: [PATCH 1/2] OCSP stapling added
---
 templates/web.letsencrypt.ssl.template.yml | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/templates/web.letsencrypt.ssl.template.yml b/templates/web.letsencrypt.ssl.template.yml
index aa4104b0f..4b4f5c6d4 100644
--- a/templates/web.letsencrypt.ssl.template.yml
+++ b/templates/web.letsencrypt.ssl.template.yml
@@ -125,6 +125,9 @@ hooks:
 to: |
 ssl_certificate_key /shared/ssl/$$ENV_DISCOURSE_HOSTNAME.key;
 ssl_certificate_key /shared/ssl/$$ENV_DISCOURSE_HOSTNAME_ecc.key;
+ ssl_stapling on;
+ ssl_stapling_verify on;
+ resolver 8.8.4.4 8.8.8.8;
 - replace:
 filename: "/etc/nginx/conf.d/discourse.conf"
From 7a3d4adf07928e748ff19d669e6e2183ba7b1d24 Mon Sep 17 00:00:00 2001
From: Aditya Patadia
Date: Wed, 26 Apr 2023 15:23:02 +0530
Subject: [PATCH 2/2] added cloudflare DNS and resolver_timeout
---
 templates/web.letsencrypt.ssl.template.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/templates/web.letsencrypt.ssl.template.yml b/templates/web.letsencrypt.ssl.template.yml
index 4b4f5c6d4..490c3ee7c 100644
--- a/templates/web.letsencrypt.ssl.template.yml
+++ b/templates/web.letsencrypt.ssl.template.yml
@@ -127,7 +127,8 @@ hooks:
 ssl_certificate_key /shared/ssl/$$ENV_DISCOURSE_HOSTNAME_ecc.key;
 ssl_stapling on;
 ssl_stapling_verify on;
- resolver 8.8.4.4 8.8.8.8;
+ resolver 8.8.8.8 1.1.1.1;
+ resolver_timeout 5s;
 - replace:
 filename: "/etc/nginx/conf.d/discourse.conf"
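Review bot: In the PATCH 1/2 hunk, `ssl_stapling_verify on;` is added with no `ssl_trusted_certificate` directive beside it. nginx documents that verifying the OCSP response needs the issuer, intermediate and root certificates configured as trusted through that directive. Whether the template sets it elsewhere is not visible here; if it does not, verification will probably fail and no response will be stapled, with only an error-log entry to show it. Consider adding `ssl_trusted_certificate <path-to-issuer-chain>;` (placeholder path) to the same `to:` block, or a comment naming the file that supplies the chain. The replace entry this block belongs to starts outside the hunk.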
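Review bot: In the PATCH 2/2 hunk, `resolver 8.8.8.8 1.1.1.1;` hard-codes two public DNS services into every generated nginx config. Hosts whose egress to those addresses is filtered, or whose policy requires an internal resolver, would lose stapling with nothing but log entries to indicate it. nginx's documentation also recommends pointing `resolver` at DNS servers on a properly secured, trusted local network to prevent DNS spoofing. Consider reading the addresses from a template variable, the way the hostname already is, with the current pair as the default: `resolver <resolver-addresses>;` (placeholder). A comment above the line should say why a resolver is configured here.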