diff --git a/roles/httpd/proxy/templates/httpd.conf.j2 b/roles/httpd/proxy/templates/httpd.conf.j2 index 77fb1987a1..56cbee3da0 100644 --- a/roles/httpd/proxy/templates/httpd.conf.j2 +++ b/roles/httpd/proxy/templates/httpd.conf.j2 @@ -765,3 +765,6 @@ ProxyTimeout 1200 # Try and enable these to improve performance EnableMMAP on EnableSendfile on + +# Configure a location for OCSP stapling +SSLStaplingCache shmcb:/tmp/stapling_cache(128000) diff --git a/roles/httpd/website/templates/website.conf b/roles/httpd/website/templates/website.conf index a359d46132..58a4c7481a 100644 --- a/roles/httpd/website/templates/website.conf +++ b/roles/httpd/website/templates/website.conf @@ -57,6 +57,7 @@ {% endif %} SSLEngine on + SSLUseStapling on {% if certbot %} SSLCertificateFile /etc/pki/tls/certs/{{ site_name }}.cert SSLCertificateKeyFile /etc/pki/tls/private/{{ site_name }}.key