Enable OCSP / SSL stapling at the domain level

install/deb/templates/web/nginx/caching.stpl

@@ -3,6 +3,8 @@ server {
     server_name %domain_idn% %alias_idn%;
     ssl_certificate      %ssl_pem%;
     ssl_certificate_key  %ssl_key%;
+    ssl_stapling on;
+    ssl_stapling_verify on;
     error_log  /var/log/%web_system%/domains/%domain%.error.log error;
 
     location / {

install/deb/templates/web/nginx/default.stpl

@@ -3,6 +3,8 @@ server {
     server_name %domain_idn% %alias_idn%;
     ssl_certificate      %ssl_pem%;
     ssl_certificate_key  %ssl_key%;
+    ssl_stapling on;
+    ssl_stapling_verify on;
     error_log  /var/log/%web_system%/domains/%domain%.error.log error;
 
     location / {

install/deb/templates/web/nginx/hosting.stpl

@@ -3,6 +3,8 @@ server {
     server_name %domain_idn% %alias_idn%;
     ssl_certificate      %ssl_pem%;
     ssl_certificate_key  %ssl_key%;
+    ssl_stapling on;
+    ssl_stapling_verify on;
     error_log  /var/log/%web_system%/domains/%domain%.error.log error;
 
     location / {

install/deb/templates/web/nginx/php-fpm/cms_made_simple.stpl

@@ -9,6 +9,8 @@ server {
 
     ssl_certificate      %ssl_pem%;
     ssl_certificate_key  %ssl_key%;
+    ssl_stapling on;
+    ssl_stapling_verify on;
 
     location / {
         try_files $uri $uri/ /index.php?page=$request_uri;

install/deb/templates/web/nginx/php-fpm/codeigniter2.stpl

@@ -9,6 +9,8 @@ server {
 
     ssl_certificate      %ssl_pem%;
     ssl_certificate_key  %ssl_key%;
+    ssl_stapling on;
+    ssl_stapling_verify on;
 
     location / {
         try_files $uri $uri/ /index.php;

install/deb/templates/web/nginx/php-fpm/codeigniter3.stpl

@@ -9,6 +9,8 @@ server {
 
     ssl_certificate      %ssl_pem%;
     ssl_certificate_key  %ssl_key%;
+    ssl_stapling on;
+    ssl_stapling_verify on;
 
     location / {
         try_files $uri $uri/ /index.php;

install/deb/templates/web/nginx/php-fpm/datalife_engine.stpl

@@ -9,6 +9,8 @@ server {
 
     ssl_certificate      %ssl_pem%;
     ssl_certificate_key  %ssl_key%;
+    ssl_stapling on;
+    ssl_stapling_verify on;
 
     location / {
         rewrite "^/page/([0-9]+)(/?)$" /index.php?cstart=$1 last;

install/deb/templates/web/nginx/php-fpm/default.stpl

@@ -9,6 +9,8 @@ server {
 
     ssl_certificate      %ssl_pem%;
     ssl_certificate_key  %ssl_key%;
+    ssl_stapling on;
+    ssl_stapling_verify on;
 
     location / {
 

install/deb/templates/web/nginx/php-fpm/dokuwiki.stpl

@@ -9,6 +9,8 @@ server {
 
     ssl_certificate      %ssl_pem%;
     ssl_certificate_key  %ssl_key%;
+    ssl_stapling on;
+    ssl_stapling_verify on;
 
     location / {
         index doku.php;

install/deb/templates/web/nginx/php-fpm/drupal6.stpl

@@ -9,6 +9,8 @@ server {
 
     ssl_certificate      %ssl_pem%;
     ssl_certificate_key  %ssl_key%;
+    ssl_stapling on;
+    ssl_stapling_verify on;
 
     location = /favicon.ico {
         log_not_found off;

install/deb/templates/web/nginx/php-fpm/drupal7.stpl

@@ -9,6 +9,8 @@ server {
 
     ssl_certificate      %ssl_pem%;
     ssl_certificate_key  %ssl_key%;
+    ssl_stapling on;
+    ssl_stapling_verify on;
 
     location = /favicon.ico {
         log_not_found off;

install/deb/templates/web/nginx/php-fpm/drupal8.stpl

@@ -9,6 +9,8 @@ server {
 
     ssl_certificate      %ssl_pem%;
     ssl_certificate_key  %ssl_key%;
+    ssl_stapling on;
+    ssl_stapling_verify on;
 
     location = /favicon.ico {
         log_not_found off;

install/deb/templates/web/nginx/php-fpm/joomla.stpl

@@ -9,6 +9,8 @@ server {
 
     ssl_certificate      %ssl_pem%;
     ssl_certificate_key  %ssl_key%;
+    ssl_stapling on;
+    ssl_stapling_verify on;
 
     location / {
         try_files $uri $uri/ /index.php?$args;

install/deb/templates/web/nginx/php-fpm/laravel.stpl

@@ -7,9 +7,10 @@ server {
     access_log  /var/log/nginx/domains/%domain%.bytes bytes;
     error_log   /var/log/nginx/domains/%domain%.error.log error;
 
-
     ssl_certificate      %ssl_pem%;
     ssl_certificate_key  %ssl_key%;
+    ssl_stapling on;
+    ssl_stapling_verify on;
     
     location / {
         try_files $uri $uri/ /index.php?$query_string;

install/deb/templates/web/nginx/php-fpm/magento.stpl

@@ -11,6 +11,8 @@ server {
 
     ssl_certificate      %ssl_pem%;
     ssl_certificate_key  %ssl_key%;
+    ssl_stapling on;
+    ssl_stapling_verify on;
 
     access_log  /var/log/nginx/domains/%domain%.log combined;
     access_log  /var/log/nginx/domains/%domain%.bytes bytes;

install/deb/templates/web/nginx/php-fpm/modx.stpl

@@ -9,6 +9,9 @@ server {
 
     ssl_certificate      %ssl_pem%;
     ssl_certificate_key  %ssl_key%;
+    ssl_stapling on;
+    ssl_stapling_verify on;
+
 #   if you need to rewrite www to non-www uncomment bellow
 #   if ($host != '%domain%' ) {
 #       rewrite      ^/(.*)$  https://%domain%/$1  permanent;

install/deb/templates/web/nginx/php-fpm/moodle.stpl

@@ -9,6 +9,8 @@ server {
 
     ssl_certificate      %ssl_pem%;
     ssl_certificate_key  %ssl_key%;
+    ssl_stapling on;
+    ssl_stapling_verify on;
 
     rewrite ^/(.*\.php)(/)(.*)$ /$1?file=/$3 last;
 

install/deb/templates/web/nginx/php-fpm/no-php.stpl

@@ -9,6 +9,8 @@ server {
 
     ssl_certificate      %ssl_pem%;
     ssl_certificate_key  %ssl_key%;
+    ssl_stapling on;
+    ssl_stapling_verify on;
 
     types {
             text/html   html htm shtml php php5;

install/deb/templates/web/nginx/php-fpm/odoo.stpl

@@ -9,6 +9,8 @@ server {
 
     ssl_certificate      %ssl_pem%;
     ssl_certificate_key  %ssl_key%;
+    ssl_stapling on;
+    ssl_stapling_verify on;
 
     proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
     proxy_redirect          off;

install/deb/templates/web/nginx/php-fpm/opencart.stpl

@@ -9,6 +9,8 @@ server {
 
     ssl_certificate      %ssl_pem%;
     ssl_certificate_key  %ssl_key%;
+    ssl_stapling on;
+    ssl_stapling_verify on;
 
     location / {
         try_files $uri $uri/ @opencart;

install/deb/templates/web/nginx/php-fpm/owncloud.stpl

@@ -9,6 +9,8 @@ server {
 
     ssl_certificate      %ssl_pem%;
     ssl_certificate_key  %ssl_key%;
+    ssl_stapling on;
+    ssl_stapling_verify on;
 
     location = /favicon.ico {
         log_not_found off;

install/deb/templates/web/nginx/php-fpm/piwik.stpl

@@ -9,6 +9,8 @@ server {
 
     ssl_certificate      %ssl_pem%;
     ssl_certificate_key  %ssl_key%;
+    ssl_stapling on;
+    ssl_stapling_verify on;
 
     location = /favicon.ico {
         try_files /favicon.ico =204;

install/deb/templates/web/nginx/php-fpm/pyrocms.stpl

@@ -9,6 +9,8 @@ server {
 
     ssl_certificate      %ssl_pem%;
     ssl_certificate_key  %ssl_key%;
+    ssl_stapling on;
+    ssl_stapling_verify on;
 
     location /installer {
             try_files $uri $uri/ /installer/index.php?$query_string;

install/deb/templates/web/nginx/php-fpm/sendy.stpl

@@ -3,6 +3,8 @@ server {
     server_name %domain_idn% %alias_idn%;
     ssl_certificate      %ssl_pem%;
     ssl_certificate_key  %ssl_key%;
+    ssl_stapling on;
+    ssl_stapling_verify on;
     root        %docroot%;
     index       index.php index.html index.htm;
     access_log  /var/log/nginx/domains/%domain%.log combined;

install/deb/templates/web/nginx/php-fpm/wordpress.stpl

@@ -9,6 +9,8 @@ server {
 
     ssl_certificate      %ssl_pem%;
     ssl_certificate_key  %ssl_key%;
+    ssl_stapling on;
+    ssl_stapling_verify on;
 
     location = /favicon.ico {
         log_not_found off;