Revert "nginx: update SSL cert paths for AOP"
This reverts commit 51e756b956
.
This commit is contained in:
parent
dc322445fe
commit
9cb68e810e
|
@ -18,10 +18,9 @@ server {
|
|||
root /var/www/dl.msfjarvis.dev;
|
||||
index index.html index.php /_h5ai/public/index.php;
|
||||
|
||||
ssl_certificate /etc/ssl/certs/cert.pem;
|
||||
ssl_certificate_key /etc/ssl/private/key.pem;
|
||||
ssl_client_certificate /etc/ssl/certs/cloudflare.crt;
|
||||
ssl_verify_client on;
|
||||
ssl_certificate /etc/letsencrypt/live/msfjarvis.dev/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/msfjarvis.dev/privkey.pem;
|
||||
ssl_session_timeout 1d;
|
||||
ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
|
||||
ssl_session_tickets off;
|
||||
|
||||
|
@ -36,6 +35,17 @@ server {
|
|||
# HSTS (ngx_http_headers_module is required) (63072000 seconds)
|
||||
add_header Strict-Transport-Security "max-age=63072000" always;
|
||||
|
||||
# OCSP stapling
|
||||
ssl_stapling on;
|
||||
ssl_stapling_verify on;
|
||||
|
||||
# Authenticated origin pulls
|
||||
# ssl_client_certificate /etc/nginx/certs/cloudflare.crt;
|
||||
# ssl_verify_client on;
|
||||
|
||||
# verify chain of trust of OCSP response using Root CA and Intermediate certs
|
||||
# ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;
|
||||
|
||||
location ~ \.php$ {
|
||||
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
||||
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
|
||||
|
|
Loading…
Reference in New Issue