Skip to content

Commit

Permalink
Fix for jfrog#355
Browse files Browse the repository at this point in the history
  • Loading branch information
@bbaassssiiee
bbaassssiiee committed Jan 5, 2024
1 parent 0419e12 commit 2d3e78c
Show file tree
Hide file tree
Showing 2 changed files with 8 additions and 1 deletion.
2 changes: 2 additions & 0 deletions Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx_ssl/defaults/main.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,3 +18,5 @@ ssl_certificate_path: /etc/pki/tls/certs
ssl_certificate_key_path: /etc/pki/tls/private
ssl_certificate: cert.pem
ssl_certificate_key: cert.key
# if ssl_certificate has the full certificate chain then OCSP stapling can be enabled
ssl_certificate_fullchain: false
7 changes: 6 additions & 1 deletion ...ible_collections/jfrog/platform/roles/artifactory_nginx_ssl/templates/artifactory.conf.j2
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,8 +13,13 @@
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_certificate {{ ssl_certificate_path }}/{{ ssl_certificate }};
ssl_certificate_key {{ ssl_certificate_key_path }}/{{ ssl_certificate_key }};
{% if ssl_certificate_fullchain %}
ssl_stapling on;
ssl_stapling_verify on;
{% endif %}
ssl_session_cache shared:SSL:1m;
ssl_prefer_server_ciphers on;

## server configuration
server {
listen 443 ssl http2;
Expand Down Expand Up @@ -47,4 +52,4 @@
proxy_pass http://artifactory-direct;
}
}
}
}

0 comments on commit 2d3e78c

Please sign in to comment.