From a22f7908076fb11e92fafcd9998cd097d60a57f7 Mon Sep 17 00:00:00 2001
From: Aditya Patadia <adityapatadia@users.noreply.github.com>
Date: Mon, 6 May 2024 13:39:02 +0530
Subject: [PATCH] OCSP Stapling added

---
 templates/web.letsencrypt.ssl.template.yml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/templates/web.letsencrypt.ssl.template.yml b/templates/web.letsencrypt.ssl.template.yml
index ba5f551..2751aee 100644
--- a/templates/web.letsencrypt.ssl.template.yml
+++ b/templates/web.letsencrypt.ssl.template.yml
@@ -125,6 +125,10 @@ hooks:
        to: |
          ssl_certificate_key /shared/ssl/$$ENV_DISCOURSE_HOSTNAME.key;
          ssl_certificate_key /shared/ssl/$$ENV_DISCOURSE_HOSTNAME_ecc.key;
+         ssl_stapling on;
+         ssl_stapling_verify on;
+         resolver 8.8.8.8 1.1.1.1;
+         resolver_timeout 5s;
 
     - replace:
        filename: "/etc/nginx/conf.d/discourse.conf"