Activer le SSL pour Artifactory - 7.3

Guide d'installation Talend

Operating system
Subscription type
Talend Big Data
Talend Big Data Platform
Talend Data Fabric
Talend Data Integration
Talend Data Management Platform
Talend Data Services Platform
Talend ESB
Talend MDM Platform
Talend Real-Time Big Data Platform
Studio Talend
Talend Activity Monitoring Console
Talend Administration Center
Talend Artifact Repository
Talend CommandLine
Talend Data Preparation
Talend Data Stewardship
Talend DQ Portal
Talend ESB
Talend Identity and Access Management
Talend Installer
Talend JobServer
Talend Log Server
Talend MDM Server
Talend MDM Web UI
Talend Repository Manager
Talend Runtime
Talend SAP RFC Server
Installation et mise à niveau
Last publication date


  1. Générez une requête de certificat d'Autorité de Certification.
    ➜ zhengshu openssl req -new-key local.key -out local.csr
    req: Unrecognized flag new-key
    req: Use -help for summary.
    ➜ zhengshu openssl req -new -key local.key -out local.csr
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    Country Name (2 letter code) [AU]:FR
    State or Province Name (full name) [Some-State]:FR
    Locality Name (eg, city) []:Surness
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:Talend
    Organizational Unit Name (eg, section) []:Developer
    Common Name (e.g. server FQDN or YOUR name) []:RD
    Email Address []
    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:tacadmin
    An optional company name []:tac

    Le fichier local.csr est généré.

  2. Configurez nginx pour utiliser HTTP ou HTTPS.
    ## add ssl entries when https has been set in config
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_certificate      /etc/nginx/ssl/;
    ssl_certificate_key  /etc/nginx/ssl/;
    ssl_session_cache shared:SSL:1m;
    ssl_prefer_server_ciphers   on;
    ## server configuration
    server {
        listen 443 ssl;
        listen 80 ;
        if ($http_x_forwarded_proto = '') {
            set $http_x_forwarded_proto  $scheme;
        ## Application specific logs
        ## access_log /var/log/nginx/ timing;
        ## error_log /var/log/nginx/;
        rewrite ^/$ /ui/ redirect;
        rewrite ^/ui$ /ui/ redirect;
        chunked_transfer_encoding on;
        client_max_body_size 0;
        location / {
            proxy_read_timeout  2400s;
            proxy_pass_header   Server;
            proxy_cookie_path   ~*^/.* /;
            proxy_pass          http://<artifactory-ip>:8082;
            proxy_next_upstream error timeout non_idempotent;
            proxy_next_upstream_tries    1;
            proxy_set_header    X-JFrog-Override-Base-Url $http_x_forwarded_proto://$host:$server_port;
            proxy_set_header    X-Forwarded-Port  $server_port;
            proxy_set_header    X-Forwarded-Proto $http_x_forwarded_proto;
            proxy_set_header    Host              $http_host;
            proxy_set_header    X-Forwarded-For   $proxy_add_x_forwarded_for;
            location ~ ^/artifactory/ {
                proxy_pass    http://<artifactory-ip>:8081;