J0WI

nginx supports a [cache file](https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_stapling_file) and you can use your own preferred method and time interval to update OCSP responses.

https://github.com/golang/go/issues/51064#issuecomment-1070184302 contains a few hints

The `www-data` uid of your system and the id inside the container are not necessarily the same. https://docs.docker.com/engine/reference/run/#user https://docs.docker.com/engine/security/userns-remap/ If you start the container as root, it will set all...

Unfortunately no. There is neither support or documentation from Nextcloud nor is this a common setup in the official Docker library. There is also no official `unit` image and we...

I cannot reproduce with the most recent image.

Another advantage of Debian is, that you don't need the `DEBIAN_FRONTEND=noninteractive` hack. Debian works very well in noninteractive environments while Ubuntu has some troubles when installing locales or timezones.

> Copying Piwigo from the source repository My goal is that this image can be published in the docker store, so it's required to support automated builds. You can still...

The best would be to have a dedicated repo for the Docker stuff.

@plegall is there any chance that you bring this to Dockerhub?

That's basically what `security.OCSP.require` does in Firefox. Edit: this does not enforce OCSP _stapling_, but Firefox supports the OCSP Must-Staple extension. Traditional OCSP requests can leak sensitive information (see https://github.com/tlswg/draft-ietf-tls-esni/issues/156).