OpenSpeak.net

User Tools

Site Tools

Trace: secure_web_browsing_with_an_ssh_socks_proxy
classes:install_confluence_671_bin

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
classes:install_confluence_671_bin [2018/02/14 13:20] – [Install Confluence 6.7.1 from Binary Installer] curry_searleclasses:install_confluence_671_bin [2018/03/02 09:31] (current) – [Install Confluence 6.7.1 from Binary Installer] curry_searle
Line 133: Line 133:
 ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt; ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
 ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key; ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
 +</code>
 +
 +Edit ''/etc/nginx/snippets/ssl-params.conf'':
 +<code>
 +sudo vi /etc/nginx/snippets/ssl-params.conf
 +</code>
 +to include the following:
 +<code>
 +# from https://cipherli.st/
 +# and https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
 +ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 +ssl_prefer_server_ciphers on;
 +ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
 +ssl_ecdh_curve secp384r1;
 +ssl_session_cache shared:SSL:10m;
 +ssl_session_tickets off;
 +ssl_stapling on;
 +ssl_stapling_verify on;
 +resolver 8.8.8.8 8.8.4.4 valid=300s;
 +resolver_timeout 5s;
 +# Disable preloading HSTS for now.  You can use the commented out header line that includes
 +# the "preload" directive if you understand the implications.
 +#add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
 +add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
 +add_header X-Frame-Options DENY;
 +add_header X-Content-Type-Options nosniff;
 +
 +ssl_dhparam /etc/ssl/certs/dhparam.pem;
 </code> </code>
  
Line 140: Line 168:
 </code> </code>
  
-Edit ''/etc/nginx/sites-available/default'' to include the following text:+Edit ''/etc/nginx/sites-available/default''
 +<code> 
 +sudo vi /etc/nginx/sites-available/default 
 +</code> 
 + to include the following text, adjusted to match your DNS hostname:
 <code> <code>
 server { server {
Line 169: Line 201:
  
 ===Configure Confluence to Recognize the Proxy=== ===Configure Confluence to Recognize the Proxy===
-Edit the ''Connector'' section of ''/opt/atlassian/confluence/conf/server.xml'':+Backup and edit the ''Connector'' section of ''/opt/atlassian/confluence/conf/server.xml'':
 <code> <code>
 +sudo cp /opt/atlassian/confluence/conf/server.xml /opt/atlassian/confluence/conf/server.xml-DIST
 sudo vi  /opt/atlassian/confluence/conf/server.xml sudo vi  /opt/atlassian/confluence/conf/server.xml
 </code> </code>
classes/install_confluence_671_bin.1518643216.txt.gz · Last modified: 2018/02/14 13:20 by curry_searle