summaryrefslogtreecommitdiffstats
path: root/sdc-os-chef/sdc-frontend/chef-repo/cookbooks
diff options
context:
space:
mode:
Diffstat (limited to 'sdc-os-chef/sdc-frontend/chef-repo/cookbooks')
-rw-r--r--sdc-os-chef/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/recipes/FE_7_create_jetty_modules.rb6
-rw-r--r--sdc-os-chef/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/templates/default/ssl-ini.erb (renamed from sdc-os-chef/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/templates/default/FE-ssl-ini.erb)9
2 files changed, 11 insertions, 4 deletions
diff --git a/sdc-os-chef/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/recipes/FE_7_create_jetty_modules.rb b/sdc-os-chef/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/recipes/FE_7_create_jetty_modules.rb
index 2800fd1808..fc9dd86f40 100644
--- a/sdc-os-chef/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/recipes/FE_7_create_jetty_modules.rb
+++ b/sdc-os-chef/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/recipes/FE_7_create_jetty_modules.rb
@@ -34,12 +34,12 @@ template "FE-https-ini" do
end
-template "FE-ssl-ini" do
+template "ssl-ini" do
path "/#{jetty_base}/start.d/ssl.ini"
- source "FE-ssl-ini.erb"
+ source "ssl-ini.erb"
owner "jetty"
group "jetty"
mode "0755"
- variables :FE_https_port => "#{node['FE'][:https_port]}"
+ variables :https_port => "#{node['FE'][:https_port]}"
end
diff --git a/sdc-os-chef/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/templates/default/FE-ssl-ini.erb b/sdc-os-chef/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/templates/default/ssl-ini.erb
index 426e0e44b5..effbfa7918 100644
--- a/sdc-os-chef/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/templates/default/FE-ssl-ini.erb
+++ b/sdc-os-chef/sdc-frontend/chef-repo/cookbooks/sdc-catalog-fe/templates/default/ssl-ini.erb
@@ -8,7 +8,7 @@
# jetty.ssl.host=0.0.0.0
## Connector port to listen on
-jetty.ssl.port=<%= @FE_https_port %>
+jetty.ssl.port=<%= @https_port %>
## Connector idle timeout in milliseconds
# jetty.ssl.idleTimeout=30000
@@ -49,6 +49,7 @@ jetty.ssl.port=<%= @FE_https_port %>
## Keystore password
# jetty.sslContext.keyStorePassword=OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4
+jetty.sslContext.keyStorePassword=OBF:1cp61iuj194s194u194w194y1is31cok
## Keystore type and provider
# jetty.sslContext.keyStoreType=JKS
@@ -56,9 +57,11 @@ jetty.ssl.port=<%= @FE_https_port %>
## KeyManager password
# jetty.sslContext.keyManagerPassword=OBF:1u2u1wml1z7s1z7a1wnl1u2g
+jetty.sslContext.keyManagerPassword=OBF:1cp61iuj194s194u194w194y1is31cok
## Truststore password
# jetty.sslContext.trustStorePassword=OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4
+jetty.sslContext.trustStorePassword=OBF:1cp61iuj194s194u194w194y1is31cok
## Truststore type and provider
# jetty.sslContext.trustStoreType=JKS
@@ -81,3 +84,7 @@ jetty.ssl.port=<%= @FE_https_port %>
## Set the timeout (in seconds) of the SslSession cache timeout
# jetty.sslContext.sslSessionTimeout=-1
+
+## Allow SSL renegotiation
+# jetty.sslContext.renegotiationAllowed=true
+# jetty.sslContext.renegotiationLimit=5