From 9a8a81fdb095de6664f513110fd4d1baeb1ea4ea Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 21 May 2021 08:35:19 +0300 Subject: [PATCH] Disable OCSP stapling when self-signed certificates are used Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1073 --- group_vars/matrix_servers | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index e5ce1027..b4e5ac6e 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -1239,6 +1239,11 @@ matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_sans_container: "{{ m matrix_nginx_proxy_self_check_validate_certificates: "{{ false if matrix_ssl_retrieval_method == 'self-signed' else true }}" +# OCSP stapling does not make sense when self-signed certificates are used. +# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1073 +# and https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1074 +matrix_nginx_proxy_ocsp_stapling_enabled: "{{ matrix_ssl_retrieval_method != 'self-signed' }}" + matrix_nginx_proxy_synapse_presence_disabled: "{{ not matrix_synapse_presence_enabled }}" matrix_nginx_proxy_synapse_workers_enabled: "{{ matrix_synapse_workers_enabled }}"