Fix for _ssl_secure template stapling switch.
Prod-Related: PROD-34706
Change-Id: Iad48a8b00e555b2218bc74cb99b9a748dbcdb799
diff --git a/nginx/files/_ssl_secure.conf b/nginx/files/_ssl_secure.conf
index f9dcaf3..05635e3 100644
--- a/nginx/files/_ssl_secure.conf
+++ b/nginx/files/_ssl_secure.conf
@@ -19,7 +19,6 @@
#https://mozilla.github.io/server-side-tls/ssl-config-generator/
ssl_ciphers {{ ':'.join(_ciphers) }};
{%- endif %}
-
ssl_ecdh_curve {{ site.ssl.get('ecdh_curve','secp521r1') }};
{%- if site.ssl.prefer_server_ciphers is defined and site.ssl.prefer_server_ciphers == False %}
ssl_prefer_server_ciphers off;
@@ -28,5 +27,34 @@
{%- endif %}
ssl_dhparam /etc/ssl/dhparams.pem;
- ssl_stapling on;
- ssl_stapling_verify on;
+ {%- if site.ssl.stapling is defined %}
+ ssl_stapling {{ site.ssl.stapling }};
+ {%- endif %}
+ {%- if site.ssl.resolver is defined %}
+ {%- if site.ssl.resolver.valid_seconds is defined %}
+ resolver {{ site.ssl.resolver.address }} valid={{ site.ssl.resolver.valid_seconds }}s;
+ {%- else %}
+ resolver {{ site.ssl.resolver }};
+ {%- endif %}
+ {%- if site.ssl.resolver.timeout_seconds is defined %}
+ resolver_timeout {{ site.ssl.resolver.timeout_seconds }}s;
+ {%- endif %}
+ {%- endif %}
+ {%- if site.ssl.stapling_file is defined %}
+ ssl_stapling_file {{ site.ssl.stapling_file }};
+ {%- endif %}
+ {%- if site.ssl.stapling_responder is defined %}
+ ssl_stapling_responder {{ site.ssl.stapling_responder }};
+ {%- endif %}
+ {%- if site.ssl.stapling_verify is defined %}
+ ssl_stapling_verify {{ site.ssl.stapling_verify }};
+ {%- endif %}
+ {%- if site.ssl.verify_client is defined %}
+ ssl_verify_client {{ site.ssl.verify_client }};
+ {%- endif %}
+ {%- if site.ssl.get('client_certificate', {'enabled': False}).enabled and site.ssl.client_certificate.file is defined %}
+ ssl_client_certificate {{ site.ssl.client_certificate.file }};
+ {%- endif %}
+ {%- if site.ssl.verify_depth is defined %}
+ ssl_verify_depth {{ site.ssl.verify_depth }};
+ {%- endif %}
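Review bot: `ssl_stapling` and `ssl_stapling_verify` are now emitted only when the pillar defines `site.ssl.stapling` / `site.ssl.stapling_verify`, so sites that previously got both hard-coded to `on` fall back to nginx's default of `off` and silently lose OCSP stapling on upgrade. Keeping the old behaviour as the default would avoid that, e.g. `{%- set _stapling = site.ssl.get('stapling', True) %}` followed by `ssl_stapling {{ 'on' if _stapling in (True, 'on') else 'off' }};`, and the same for `ssl_stapling_verify`. The explicit mapping also matters because an unquoted `on`/`off` in YAML pillar data is typically loaded as a boolean and would render as `True`/`False`, which nginx does not accept; the same applies to `ssl_verify_client`. Separately, the `else` branch of the resolver block prints `{{ site.ssl.resolver }}` whole, so a mapping with `address` and `timeout_seconds` but no `valid_seconds` would render as a dict; `{{ site.ssl.resolver.address | default(site.ssl.resolver) }}` looks safer there. The surrounding template starts and ends outside this hunk, so any default set elsewhere in the file is not visible here.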