Enable SSL for Artifactory - 8.0

Talend Installation Guide

Version: 8.0
Language: English
Operating system: Windows
Subscription type: Subscription
Product: Talend Big Data, Talend Big Data Platform, Talend Data Fabric, Talend Data Integration, Talend Data Management Platform, Talend Data Services Platform, Talend ESB, Talend MDM Platform, Talend Real-Time Big Data Platform
Module: Talend Activity Monitoring Console, Talend Administration Center, Talend Artifact Repository, Talend CommandLine, Talend Data Preparation, Talend Data Stewardship, Talend ESB, Talend Identity and Access Management, Talend Installer, Talend JobServer, Talend LogServer, Talend MDM Server, Talend MDM Web UI, Talend Runtime, Talend SAP RFC Server, Talend Studio
Content: Installation and Upgrade
Last publication date: 2022-10-30

Procedure

  1. Generate a certificate signing request (CSR) to submit to your CA, using your existing private key (local.key).
    ➜ zhengshu openssl req -new -key local.key -out local.csr
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [AU]:FR
    State or Province Name (full name) [Some-State]:FR
    Locality Name (eg, city) []:Surness
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:Talend
    Organizational Unit Name (eg, section) []:Developer
    Common Name (e.g. server FQDN or YOUR name) []:RD
    Email Address []:aa@talend.com
     
    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:tacadmin
    An optional company name []:tac

    The local.csr file is generated.

  2. Configure nginx to use HTTP or HTTPS.
    ## add ssl entries when https has been set in config
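    ## TLSv1 and TLSv1.1 are deprecated (RFC 8996); remove them from this list unless legacy clients still require them
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;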
    ssl_certificate      /etc/nginx/ssl/yourdomain.com.crt;
    ssl_certificate_key  /etc/nginx/ssl/yourdomain.com.key;
    ssl_session_cache shared:SSL:1m;
    ssl_prefer_server_ciphers   on;
    ## server configuration
    server {
        listen 443 ssl;
        listen 80 ;
           
        server_name yourdomain.com;
      
        if ($http_x_forwarded_proto = '') {
            set $http_x_forwarded_proto  $scheme;
        }
        ## Application specific logs
        ## access_log /var/log/nginx/yourdomain.com-access.log timing;
        ## error_log /var/log/nginx/yourdomain.com-error.log;
        rewrite ^/$ /ui/ redirect;
        rewrite ^/ui$ /ui/ redirect;
        chunked_transfer_encoding on;
        client_max_body_size 0;
        location / {
            proxy_read_timeout  2400s;
            proxy_pass_header   Server;
            proxy_cookie_path   ~*^/.* /;
            proxy_pass          http://<artifactory-ip>:8082;
            proxy_next_upstream error timeout non_idempotent;
            proxy_next_upstream_tries    1;
            proxy_set_header    X-JFrog-Override-Base-Url $http_x_forwarded_proto://$host:$server_port;
            proxy_set_header    X-Forwarded-Port  $server_port;
            proxy_set_header    X-Forwarded-Proto $http_x_forwarded_proto;
            proxy_set_header    Host              $http_host;
            proxy_set_header    X-Forwarded-For   $proxy_add_x_forwarded_for;
      
            location ~ ^/artifactory/ {
                proxy_pass    http://<artifactory-ip>:8081;
            }
        }
    }
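
A non-interactive version of step 1 with a pre-deployment check for step 2, as an added example that is not part of the Talend documentation. It puts the nginx server_name (yourdomain.com) into the CSR's subjectAltName, which is what TLS clients match the hostname against, omits the challenge password, and confirms that a certificate and private key belong together before they are used for ssl_certificate and ssl_certificate_key. The function names, the scratch directory and the self-signed certificate standing in for the CA's reply are assumptions.

```shell
#!/bin/sh
# Added example. Only yourdomain.com and local.key/local.csr come from the page;
# every other name is an assumption made for this sketch.

# make_csr KEY CSR HOST: write a key and a CSR without prompts. HOST goes into
# the subjectAltName, and no challenge password is embedded in the request.
make_csr() {
    cnf=$(mktemp) || return 1
    printf '%s\n' '[req]' 'prompt = no' 'distinguished_name = dn' \
        'req_extensions = ext' '[dn]' "CN = $3" '[ext]' \
        "subjectAltName = DNS:$3" > "$cnf"
    openssl genrsa -out "$1" 2048 2>/dev/null &&
        openssl req -new -key "$1" -out "$2" -config "$cnf"
    rc=$?
    rm -f "$cnf"
    return "$rc"
}

# csr_has_san CSR HOST: true if the CSR's self-signature verifies and HOST is
# listed as a DNS subjectAltName (exact match, not a prefix).
csr_has_san() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK' || return 1
    openssl req -in "$1" -noout -text 2>/dev/null | tr ',' '\n' |
        sed 's/^ *//; s/ *$//' | grep -qxF "DNS:$2"
}

# key_matches_cert KEY CRT: true if both files hold the same public key, i.e.
# the pair is consistent for ssl_certificate_key and ssl_certificate.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# demo: constructed run in a scratch directory. A self-signed certificate
# stands in for the one the CA would return for local.csr.
demo() (
    d=$(mktemp -d) && cd "$d" || exit 1
    make_csr local.key local.csr yourdomain.com &&
        csr_has_san local.csr yourdomain.com &&
        openssl x509 -req -in local.csr -signkey local.key -days 1 \
            -out yourdomain.com.crt 2>/dev/null &&
        key_matches_cert local.key yourdomain.com.crt
    rc=$?
    cd / && rm -rf "$d"
    exit "$rc"
)

demo && echo "CSR and key/certificate checks passed"
```

Run key_matches_cert against the files named in ssl_certificate_key and ssl_certificate before reloading nginx; a mismatch there makes nginx refuse to start.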