matrix_nginx_proxy_ocsp_stapling_enabled variable added

This commit is contained in:
sakkiii 2021-05-15 16:01:49 +05:30
parent c05021640d
commit 0dd4459799

View File

@ -279,18 +279,6 @@ matrix_nginx_proxy_proxy_domain_additional_server_configuration_blocks: []
# Of course, a better solution is to just stop using browsers (like Chrome), which participate in such tracking practices. # Of course, a better solution is to just stop using browsers (like Chrome), which participate in such tracking practices.
matrix_nginx_proxy_floc_optout_enabled: true matrix_nginx_proxy_floc_optout_enabled: true
# OCSP Stapling eliminating the need for clients to contact the CA, with the aim of improving both security and performance.
# OCSP stapling can provide a performance boost of up to 30%
# nginx web server supports OCSP stapling since version 1.3.7.
#
# *warning* Nginx is lazy loading OCSP responses, which means that for the first few web requests it is unable to add the OCSP response.
#
# Learn more about what it is here:
# - https://en.wikipedia.org/wiki/OCSP_stapling
# - https://blog.cloudflare.com/high-reliability-ocsp-stapling/
# - https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/
matrix_nginx_proxy_ocsp_stapling_enabled: true
# Specifies the SSL configuration that should be used for the SSL protocols and ciphers # Specifies the SSL configuration that should be used for the SSL protocols and ciphers
# This is based on the Mozilla Server Side TLS Recommended configurations. # This is based on the Mozilla Server Side TLS Recommended configurations.
# #
@ -397,6 +385,18 @@ matrix_ssl_log_dir_path: "{{ matrix_ssl_base_path }}/log"
matrix_ssl_pre_obtaining_required_service_name: ~ matrix_ssl_pre_obtaining_required_service_name: ~
matrix_ssl_pre_obtaining_required_service_start_wait_time_seconds: 60 matrix_ssl_pre_obtaining_required_service_start_wait_time_seconds: 60
# OCSP Stapling eliminating the need for clients to contact the CA, with the aim of improving both security and performance.
# OCSP stapling can provide a performance boost of up to 30%
# nginx web server supports OCSP stapling since version 1.3.7.
#
# *warning* Nginx is lazy loading OCSP responses, which means that for the first few web requests it is unable to add the OCSP response.
#
# Learn more about what it is here:
# - https://en.wikipedia.org/wiki/OCSP_stapling
# - https://blog.cloudflare.com/high-reliability-ocsp-stapling/
# - https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/
matrix_nginx_proxy_ocsp_stapling_enabled: true
# nginx status page configurations. # nginx status page configurations.
matrix_nginx_proxy_proxy_matrix_nginx_status_enabled: false matrix_nginx_proxy_proxy_matrix_nginx_status_enabled: false
matrix_nginx_proxy_proxy_matrix_nginx_status_allowed_addresses: ['{{ ansible_default_ipv4.address }}'] matrix_nginx_proxy_proxy_matrix_nginx_status_allowed_addresses: ['{{ ansible_default_ipv4.address }}']