-
Notifications
You must be signed in to change notification settings - Fork 141
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[ansible/artifactory] Enable OCSP stapling support artifactory_nginx_ssl #355
Comments
|
bbaassssiiee
added a commit
to TeamSalvador/JFrog-Cloud-Installers
that referenced
this issue
Dec 21, 2023
bbaassssiiee
added a commit
to TeamSalvador/JFrog-Cloud-Installers
that referenced
this issue
Dec 21, 2023
3 tasks
bbaassssiiee
added a commit
to TeamSalvador/JFrog-Cloud-Installers
that referenced
this issue
Jan 5, 2024
This feature is implemented in PR 358 |
bbaassssiiee
added a commit
to TeamSalvador/JFrog-Cloud-Installers
that referenced
this issue
Mar 12, 2024
JFrog R&D still looking at this repo? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is this a request for help?:
Is this a BUG REPORT or FEATURE REQUEST? (choose one):
FEATURE REQUEST
Which installer:
Ansible
Which product and version (eg: ansible & collection version - 7.24.2):
Artifactory
Which operating system and version(eg: ubuntu & version - 20.4):
All
Which product license (Enterprise/Pro):
N/A
JFrog support reference (if already raised with support team):
What happened:
Enable support to use OCSP Stapling in NGINX conf file (https://github.com/jfrog/JFrog-Cloud-Installers/blob/master/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx_ssl/templates/artifactory.conf.j2)
This can be done by adding the following in the section with the other ssl parameters:
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/ssl/certs/artifactory-fullchain.crt;
For this to work you'll need to set ssl_trusted_certificate which contains the entire certificate chain.
What you expected to happen:
Introduce a new variable to the playbook called ssl_certificate_fullchain. If this is set, then enable stapling as shown above. This will allow people that want stapling to set the ssl_certificate_fullchain variable.
How to reproduce it (as minimally and precisely as possible):
Anything else we need to know:
The text was updated successfully, but these errors were encountered: