Activer le SSL pour Artifactory - 8.0

Guide d'installation de Talend Data Management Platform pour Windows

Version
8.0
Language
Français (France)
EnrichDitaval
Data Management Platform for Windows
Product
Talend Data Management Platform
Module
Studio Talend
Talend Activity Monitoring Console
Talend Administration Center
Talend Artifact Repository
Talend CommandLine
Talend Data Preparation
Talend Data Stewardship
Talend Identity and Access Management
Talend Installer
Talend JobServer
Talend Log Server
Talend Runtime
Talend SAP RFC Server
Content
Installation et mise à niveau

Procédure

  1. Générez une requête de certificat d'Autorité de Certification.
    ➜ zhengshu openssl req -new-key local.key -out local.csr
    req: Unrecognized flag new-key
    req: Use -help for summary.
    ➜ zhengshu openssl req -new -key local.key -out local.csr
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [AU]:FR
    State or Province Name (full name) [Some-State]:FR
    Locality Name (eg, city) []:Surness
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:Talend
    Organizational Unit Name (eg, section) []:Developer
    Common Name (e.g. server FQDN or YOUR name) []:RD
    Email Address []:aa@talend.com
     
    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:tacadmin
    An optional company name []:tac

    Le fichier local.csr est généré.

  2. Configurez nginx pour utiliser HTTP ou HTTPS.
    ## add ssl entries when https has been set in config
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_certificate      /etc/nginx/ssl/yourdomain.com.crt;
    ssl_certificate_key  /etc/nginx/ssl/yourdomain.com.key;
    ssl_session_cache shared:SSL:1m;
    ssl_prefer_server_ciphers   on;
    ## server configuration
    server {
        listen 443 ssl;
        listen 80 ;
           
        server_name yourdomain.com;
      
        if ($http_x_forwarded_proto = '') {
            set $http_x_forwarded_proto  $scheme;
        }
        ## Application specific logs
        ## access_log /var/log/nginx/yourdomain.com-access.log timing;
        ## error_log /var/log/nginx/yourdomain.com-error.log;
        rewrite ^/$ /ui/ redirect;
        rewrite ^/ui$ /ui/ redirect;
        chunked_transfer_encoding on;
        client_max_body_size 0;
        location / {
            proxy_read_timeout  2400s;
            proxy_pass_header   Server;
            proxy_cookie_path   ~*^/.* /;
            proxy_pass          http://<artifactory-ip>:8082;
            proxy_next_upstream error timeout non_idempotent;
            proxy_next_upstream_tries    1;
            proxy_set_header    X-JFrog-Override-Base-Url $http_x_forwarded_proto://$host:$server_port;
            proxy_set_header    X-Forwarded-Port  $server_port;
            proxy_set_header    X-Forwarded-Proto $http_x_forwarded_proto;
            proxy_set_header    Host              $http_host;
            proxy_set_header    X-Forwarded-For   $proxy_add_x_forwarded_for;
      
            location ~ ^/artifactory/ {
                proxy_pass    http://<artifactory-ip>:8081;
            }
        }
    }