Can I get +1s for the following patch?
Explanation as to why this specific patch is in the commit message.
commit d2688610419973cd519ef8f8f581a03215aaf73c (HEAD -> master)
Author: Patrick Uiterwijk <patrick(a)puiterwijk.org>
Date: Tue Sep 25 21:25:00 2018 +0200
Only do OCSP stapling on the proxies
The actual cache is only set in the proxy HTTP config.
While we could set the cache path in the other servers' configs as well,
that would be a significantly larger change.
Signed-off-by: Patrick Uiterwijk <patrick(a)puiterwijk.org>
diff --git a/roles/httpd/website/templates/website.conf
b/roles/httpd/website/templates/website.conf
index 8ff23bbd0..afedf27eb 100644
--- a/roles/httpd/website/templates/website.conf
+++ b/roles/httpd/website/templates/website.conf
@@ -57,7 +57,9 @@
{% endif %}
SSLEngine on
- SSLUseStapling on
+ {% if ansible_hostname.startswith('proxy') %}
+ SSLUseStapling on
+ {% endif %}
{% if certbot %}
SSLCertificateFile /etc/pki/tls/certs/{{ site_name }}.cert
SSLCertificateKeyFile /etc/pki/tls/private/{{ site_name }}.key
_______________________________________________
infrastructure mailing list -- infrastructure(a)lists.fedoraproject.org
To unsubscribe send an email to infrastructure-leave(a)lists.fedoraproject.org
Fedora Code of Conduct:
https://getfedora.org/code-of-conduct.html
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedora...