digitalocean/nginxconfig.io

Configuring OCSP

Open

Aperta il 8 apr 2022

Vedi su GitHub
 (6 commenti) (1 reazione) (1 assegnatario)JavaScript (26.979 star) (1978 fork)batch import
hacktoberfesthelp wanted

Descrizione

Information

https://whatismybrowser.com/w/QCB7F49

Help request

Problem

OCSP is not enabled after using the generated configuration. Multiple tools (digicert helpers, ssllabs, openssl) report that OCSP is disabled. I made sure I was checking this on subsequent requests due to asynchronicity of the OCSP fetch.

What I have tried

The OCSP stapling configured in the nginx.conf

# OCSP Stapling
ssl_stapling           on;
ssl_stapling_verify    on;
resolver               1.1.1.1 1.0.0.1 8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220 valid=60s;
resolver_timeout       2s;

The trusted certificate configured in the server block (some systems might require this when ssl_stapling_verify is on)

ssl_trusted_certificate /etc/letsencrypt/live/example.com/chain.pem;

Guida contributor

Tech stack
Nessuno
Dominio
devops
Tipo issue
bug
DifficoltàQuanto dovrebbe essere impegnativa per un nuovo contributor.
2
Tempo stimatoTempo stimato per completare e verificare uno scope piccolo.
1-3 hours
Stato attivitàQuanto è probabile che la issue sia ancora attiva e reviewable.
stale
ChiarezzaQuanto chiaramente la issue descrive problema, scope e risultato atteso.
clear
Prerequisiti
familiarity with nginxbasic SSL/TLS concepts
Adatta ai principiantiQuanto la issue è adatta a contributor alla prima esperienza.
40
Direzione di ricerca
Investigate the nginxconfig.io source code, specifically the template or generator logic for SSL configuration. Verify that the `ssl stapling`, `ssl stapling verify`, and `ssl trusted certificate` directives are correctly included in the generated nginx config. Check if there is a version mismatch or missing conditional logic for different nginx versions. Also review the issue comments for any suggested fixes or workarounds from maintainers.