From aed88b417b07dfe7cca9208ce8a946626676ff82 Mon Sep 17 00:00:00 2001
From: Timo Makinen
Date: Mon, 22 Mar 2021 19:02:10 +0000
Subject: [PATCH] nginx/server: Verify backend cert when proxying web sites
---
 roles/nginx/server/templates/nginx.conf.j2 | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/roles/nginx/server/templates/nginx.conf.j2 b/roles/nginx/server/templates/nginx.conf.j2
index 9880210..e13ae5e 100644
--- a/roles/nginx/server/templates/nginx.conf.j2
+++ b/roles/nginx/server/templates/nginx.conf.j2
@@ -24,6 +24,8 @@ http {
 proxy_ssl_certificate {{ tls_certs }}/{{ inventory_hostname }}.crt;
 proxy_ssl_certificate_key {{ tls_private }}/{{ inventory_hostname }}.key;
+ proxy_ssl_trusted_certificate {{ tls_certs }}/ca.crt;
+ proxy_ssl_verify on;
 server {
 listen 443 ssl http2;
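Review bot: The two added directives sit at `http` level with nothing documenting what the verification now depends on, and the `proxy_pass` locations they apply to are outside this hunk. With `proxy_ssl_verify on`, nginx checks the backend certificate name against `proxy_ssl_name`, which defaults to the host part of the `proxy_pass` URL, and uses `proxy_ssl_verify_depth 1` by default. So a backend addressed by IP address or upstream-group name, or one whose certificate is issued through an intermediate CA, would presumably start failing the handshake and return 502. I would add a comment above the new lines such as `# Backends must present a cert chaining to ca.crt whose name matches the proxy_pass host (see proxy_ssl_name / proxy_ssl_verify_depth)`, and set `proxy_ssl_verify_depth 2;` if the internal CA uses an intermediate. Note also that verification only applies to `https://` upstreams, so any site still proxied over `http://` stays unauthenticated.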