[ansible/artifactory] Enable OCSP stapling support artifactory_nginx_ssl #355
Comments
|
|
bbaassssiiee
added a commit
to TeamSalvador/JFrog-Cloud-Installers
that referenced
this issue
Dec 21, 2023
bbaassssiiee
added a commit
to TeamSalvador/JFrog-Cloud-Installers
that referenced
this issue
Dec 21, 2023
3 tasks
bbaassssiiee
added a commit
to TeamSalvador/JFrog-Cloud-Installers
that referenced
this issue
Jan 5, 2024
|
This feature is implemented in PR 358 |
bbaassssiiee
added a commit
to TeamSalvador/JFrog-Cloud-Installers
that referenced
this issue
Mar 12, 2024
|
JFrog R&D still looking at this repo? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is this a request for help?:
Is this a BUG REPORT or FEATURE REQUEST? (choose one):
FEATURE REQUEST
Which installer:
Ansible
Which product and version (eg: ansible & collection version - 7.24.2):
Artifactory
Which operating system and version(eg: ubuntu & version - 20.4):
All
Which product license (Enterprise/Pro):
N/A
JFrog support reference (if already raised with support team):
What happened:
Enable support to use OCSP Stapling in NGINX conf file (https://github.com/jfrog/JFrog-Cloud-Installers/blob/master/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx_ssl/templates/artifactory.conf.j2)
This can be done by adding the following in the section with the other ssl parameters:
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/ssl/certs/artifactory-fullchain.crt;
For this to work you'll need to set ssl_trusted_certificate which contains the entire certificate chain.
What you expected to happen:
Introduce a new variable to the playbook called ssl_certificate_fullchain. If this is set, then enable stapling as shown above. This will allow people that want stapling to set the ssl_certificate_fullchain variable.
How to reproduce it (as minimally and precisely as possible):
Anything else we need to know:
The text was updated successfully, but these errors were encountered: