Include ocsp stapling

src/freedombone-utils-web

@@ -89,6 +89,15 @@ function nginx_limits {
     echo '' >> $filename
 }
 
+function nginx_stapling {
+    domain_name=$1
+    filename=/etc/nginx/sites-available/$domain_name
+    echo "    ssl_stapling on;" >> $filename
+    echo '    ssl_stapling_verify on;' >> $filename
+    echo '    ssl_trusted_certificate /etc/ssl/certs/${domain_name}.pem;' >> $filename
+    echo '' >> $filename
+}
+
 function nginx_http_redirect {
     # redirect port 80 to https
     domain_name=$1
@@ -120,6 +129,7 @@ function nginx_ssl {
     echo '    ssl_prefer_server_ciphers on;' >> $filename
     echo "    ssl_protocols $SSL_PROTOCOLS;" >> $filename
     echo "    ssl_ciphers '$SSL_CIPHERS';" >> $filename
+    nginx_stapling $1
 }
 
 # check an individual domain name