From 8a4e2f48bfd2fec64eeebbeb7f05f80d23e9bd47 Mon Sep 17 00:00:00 2001
From: shibayashi <shibayashi@cypherpunk.observer>
Date: Mon, 3 Sep 2018 21:41:21 +0200
Subject: [PATCH] installation/pleroma-apache.conf: OCSP stapling needs to be
 outside of the virtualhost directive

---
 installation/pleroma-apache.conf | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/installation/pleroma-apache.conf b/installation/pleroma-apache.conf
index c70d52138..992c0c900 100644
--- a/installation/pleroma-apache.conf
+++ b/installation/pleroma-apache.conf
@@ -27,12 +27,6 @@ CustomLog ${APACHE_LOG_DIR}/access.log combined
     SSLCompression          off
     SSLSessionTickets       off
 
-    # OCSP Stapling, only in httpd 2.3.3 and later
-    SSLUseStapling          on
-    SSLStaplingResponderTimeout 5
-    SSLStaplingReturnResponderErrors off
-    SSLStaplingCache        shmcb:/var/run/ocsp(128000)
-
     Header always set X-Xss-Protection "1; mode=block"
     Header always set X-Frame-Options "DENY"
     Header always set X-Content-Type-Options "nosniff"
@@ -54,3 +48,9 @@ CustomLog ${APACHE_LOG_DIR}/access.log combined
     RequestHeader set Host "pleroma.example.com"
     ProxyPreserveHost On
 </VirtualHost>
+
+# OCSP Stapling, only in httpd 2.3.3 and later
+SSLUseStapling          on
+SSLStaplingResponderTimeout 5
+SSLStaplingReturnResponderErrors off
+SSLStaplingCache        shmcb:/var/run/ocsp(128000)
\ No newline at end of file