[Nginx in Practice] Enabling OCSP Stapling in Nginx


1. First, a quick primer on what OCSP stapling is:

      

2. Nginx configuration to enable OCSP stapling:

server
{
    listen 80;
    listen 443 ssl http2;
    server_name oyhdo.com;
    index index.html index.php index.htm default.php default.htm default.html;
    root /www/wwwroot/oyhdo.com/public;
    if ($server_port !~ 443){
        rewrite ^(/.*)$ https://$host$1 permanent;
    }
    ssl_certificate    /www/server/panel/vhost/cert/oyhdo.com/fullchain.pem;
    ssl_certificate_key    /www/server/panel/vhost/oyhdo.com/privkey.pem;
    # TLSv1.1 is deprecated (RFC 8996); keep it only if legacy clients require it
    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    error_page 497  https://$host$request_uri;
    
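    # OCSP stapling configuration
    # Staple the OCSP response to the TLS handshake; nginx needs a resolver
    # directive to look up the OCSP responder hostname
    ssl_stapling on;
    # Verify the OCSP response; the issuer, intermediate and root certificates
    # must be configured as trusted via ssl_trusted_certificate
    ssl_stapling_verify on;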