Re: FBR: Disable OCSP on non-proxies

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

+1 here.

-re

On 09/25/2018 03:26 PM, Patrick マルタインアンドレアス Uiterwijk wrote:
> Can I get +1s for the following patch?
> Explanation as to why this specific patch is in the commit message.
>
>
>
> commit d2688610419973cd519ef8f8f581a03215aaf73c (HEAD -> master)
> Author: Patrick Uiterwijk <patrick@xxxxxxxxxxxxxx>
> Date:   Tue Sep 25 21:25:00 2018 +0200
>
>     Only do OCSP stapling on the proxies
>     
>     The actual cache is only set in the proxy HTTP config.
>     While we could set the cache path in the other servers' configs as well,
>     that would be a significantly larger change.
>     
>     Signed-off-by: Patrick Uiterwijk <patrick@xxxxxxxxxxxxxx>
>
> diff --git a/roles/httpd/website/templates/website.conf b/roles/httpd/website/templates/website.conf
> index 8ff23bbd0..afedf27eb 100644
> --- a/roles/httpd/website/templates/website.conf
> +++ b/roles/httpd/website/templates/website.conf
> @@ -57,7 +57,9 @@
>  {% endif %}
>  
>    SSLEngine on
> -  SSLUseStapling on
> +  {% if ansible_hostname.startswith('proxy') %}
> +    SSLUseStapling on
> +  {% endif %}
>  {% if certbot %}
>    SSLCertificateFile /etc/pki/tls/certs/{{ site_name }}.cert
>    SSLCertificateKeyFile /etc/pki/tls/private/{{ site_name }}.key
> _______________________________________________
> infrastructure mailing list -- infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
> To unsubscribe send an email to infrastructure-leave@xxxxxxxxxxxxxxxxxxxxxxx
> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@xxxxxxxxxxxxxxxxxxxxxxx

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
infrastructure mailing list -- infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to infrastructure-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
[Index of Archives]     [Fedora Development]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [KDE Users]

  Powered by Linux