[ansible/artifactory] Enable OCSP stapling support artifactory_nginx_ssl #355

Open
PolaricEntropy opened this issue Dec 17, 2023 · 3 comments

Comments

@PolaricEntropy
Contributor

Is this a request for help?:


Is this a BUG REPORT or FEATURE REQUEST? (choose one):
FEATURE REQUEST

Which installer:
Ansible

Which product and version (e.g. ansible & collection version - 7.24.2):
Artifactory

Which operating system and version (e.g. ubuntu & version - 20.4):
All

Which product license (Enterprise/Pro):
N/A

JFrog support reference (if already raised with support team):

What happened:
Enable support to use OCSP Stapling in NGINX conf file (https://github.com/jfrog/JFrog-Cloud-Installers/blob/master/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx_ssl/templates/artifactory.conf.j2)

This can be done by adding the following in the section with the other ssl parameters:

ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/ssl/certs/artifactory-fullchain.crt;

For this to work you'll need to set ssl_trusted_certificate which contains the entire certificate chain.

What you expected to happen:
Introduce a new variable to the playbook called ssl_certificate_fullchain. If this is set, then enable stapling as shown above. This will allow people that want stapling to set the ssl_certificate_fullchain variable.

How to reproduce it (as minimally and precisely as possible):

Anything else we need to know:
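
Added example, not part of the original issue or of the JFrog collection: a shell check for whether a server actually staples an OCSP response once `ssl_stapling on;` is deployed, by classifying the output of `openssl s_client -status`. The host name `artifactory.example.com` and the embedded sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify OCSP stapling from `openssl s_client -status` output.
# Reads that output on stdin and prints one of:
#   stapled:<status>  a stapled response was sent (status is e.g. good, revoked)
#   not-stapled       handshake finished but the server stapled nothing
#   unknown           no OCSP section in the input (handshake failed?)
stapling_status() {
  awk '
    /OCSP response: no response sent/ { none = 1 }
    /OCSP Response Status:/           { resp = $4 }
    /Cert Status:/                    { cert = $3 }
    END {
      if (none)                      print "not-stapled"
      else if (resp == "")           print "unknown"
      else if (resp != "successful") print "stapled:responder-" resp
      else                           print "stapled:" (cert == "" ? "no-cert-status" : cert)
    }'
}

# Live check (needs network). The host is a placeholder; port defaults to 443.
# usage: check_host artifactory.example.com [port]
check_host() {
  openssl s_client -connect "$1:${2:-443}" -servername "$1" -status \
    </dev/null 2>/dev/null | stapling_status
}

# Constructed samples of the relevant part of s_client output.
SAMPLE_STAPLED='OCSP response:
======================================
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
    Cert Status: good
    This Update: Jan  1 00:00:00 2024 GMT
======================================'
SAMPLE_NONE='OCSP response: no response sent'

# Offline demonstration on the constructed samples.
printf '%s\n' "$SAMPLE_STAPLED" | stapling_status
printf '%s\n' "$SAMPLE_NONE" | stapling_status
```

nginx fetches the OCSP response lazily, so the first handshake after a reload can report `not-stapled`; run `check_host` a second time before concluding that stapling is off.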

@bbaassssiiee
Contributor

ssl_certificate is already used as the variable for the certificate (chain), so no need for ssl_trusted_certificate.

bbaassssiiee added a commit to TeamSalvador/JFrog-Cloud-Installers that referenced this issue Dec 21, 2023
bbaassssiiee added a commit to TeamSalvador/JFrog-Cloud-Installers that referenced this issue Jan 5, 2024
@bbaassssiiee
Contributor

This feature is implemented in PR 358

bbaassssiiee added a commit to TeamSalvador/JFrog-Cloud-Installers that referenced this issue Mar 12, 2024
@bbaassssiiee
Contributor

JFrog R&D still looking at this repo?
