* Enable OCSP stapling verification.

swarad07 · Aug 7, 2015 · 067a84f · 067a84f
1 parent 86799cb
commit 067a84f
Showing 1 changed file with 10 additions and 7 deletions.
diff --git a/nginx.conf b/nginx.conf
@@ -22,9 +22,6 @@ http {
     include /etc/nginx/mime.types;
     default_type application/octet-stream;
 
-    ## FastCGI.
-    include /etc/nginx/fastcgi.conf;
-
     ## Default log and error files.
     access_log /var/log/nginx/access.log;
     error_log /var/log/nginx/error.log;
@@ -119,6 +116,9 @@ http {
 
     ## Enable OCSP stapling. A better way to revocate server certificates.
     ssl_stapling on;
+    ## Enable verification of OCSP stapling responses by the server.
+    ssl_stapling_verify on;
+
     ## Fill in with your own resolver.
     resolver 8.8.8.8;
 
@@ -174,6 +174,9 @@ http {
     ## any of the apps/drupal/microcache* files.
     add_header X-Micro-Cache $upstream_cache_status;
 
+    ## FastCGI.
+    include /etc/nginx/fastcgi.conf;
+
     ## Include the upstream servers for PHP FastCGI handling config.
     ## This one uses the FCGI process listening on TCP sockets.
     include upstream_phpcgi_tcp.conf;
@@ -194,11 +197,11 @@ http {
     ## previous version then uncomment out the line below.
     #include map_https_fcgi.conf;
 
-    # Support the X-Forwarded-Proto header for fastcgi.
+    ## Support the X-Forwarded-Proto header for fastcgi.
     map $http_x_forwarded_proto $fastcgi_https {
-      default $https;
-      http '';
-      https on;
+        default $https;
+        http '';
+        https on;
     }
 
     ## Include the upstream servers for Apache handling the PHP