diff --git a/defaults/main.yml b/defaults/main.yml
index be212ec..606961f 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -15,6 +15,7 @@ nginx_org_modules: []
 nginx_ssl_level: intermediate
 nginx_ssl_session_cache_size: '8096k'
 nginx_ssl_session_timeout: '10m'
+nginx_ssl_stapling: true
 nginx_strict_transport_security_expire: 15768000
 nginx_strict_transport_security_include_subdomains: False

diff --git a/templates/nginx-server-ssl.conf.j2 b/templates/nginx-server-ssl.conf.j2
index bca2241..e0afbe8 100644
--- a/templates/nginx-server-ssl.conf.j2
+++ b/templates/nginx-server-ssl.conf.j2
@@ -38,8 +38,10 @@ ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDS
 ssl_prefer_server_ciphers off;
 {% endif %}
 {% if ansible_distribution_version is version_compare('14.04', '>=') %}
+{% if nginx_ssl_stapling %}
 ssl_stapling on;
 ssl_stapling_verify on;
+{% endif %}
 {% if letsencrypt_acme_install is defined and letsencrypt_acme_install %}
 ssl_trusted_certificate {{ letsencrypt_acme_certs_dir }}/fullchain;
 {% else %}
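Review bot: The new `nginx_ssl_stapling` default in defaults/main.yml has no comment saying what it gates or when turning it off is safe, and it is spelled `true` while the neighbouring `nginx_strict_transport_security_include_subdomains` uses `False`. I would add `# OCSP stapling (ssl_stapling / ssl_stapling_verify); set to false only when the host cannot reach the CA's OCSP responder` above it. Disabling stapling for a certificate issued with the OCSP Must-Staple extension makes conforming clients reject the connection, so that caveat belongs in the role's variable documentation too.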
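Review bot: The added `{% if nginx_ssl_stapling %}` in templates/nginx-server-ssl.conf.j2 relies on Jinja truthiness, so a value that arrives as a string (for example `-e nginx_ssl_stapling=false` on the command line, or a quoted `'false'` in inventory) is non-empty and leaves stapling enabled. Writing it as `{% if nginx_ssl_stapling | bool %}` makes the toggle behave the way an operator expects. The `ssl_trusted_certificate` lines after the new `{% endif %}` are still rendered when stapling is off; that appears harmless, but a short template comment saying it is deliberate would help. The enclosing `version_compare` block continues past the end of this hunk, so its closing `{% endif %}` is not visible here.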