ncredir instances are currently running stretch, the main blocker for this task is the lack of support for multiple stapling files on nginx. This has been solved on stretch with a custom patch (0600-stapling-multi-file.patch).
@BBlack IIRC we mentioned the possibility of dropping RSA support on ncredir, so this would render 0600-stapling-multi-file.patch unnecessary, and we could upgrade ncredir to buster and go back to the "stock" nginx.
Upgrade status:
- ncredir1001
- ncredir1002
- ncredir1001
- ncredir2002
- ncredir3001
- ncredir3002
- ncredir4001
- ncredir4002
- ncredir5001
- ncredir5002