From 9bbdf9028adde3a92c723a2e0a0403196aa52100 Mon Sep 17 00:00:00 2001
From: Bas Meijer
Date: Thu, 21 Dec 2023 10:25:55 +0100
Subject: [PATCH 1/3] Fix for #355
---
 .../platform/roles/artifactory_nginx_ssl/defaults/main.yml | 2 ++
 .../artifactory_nginx_ssl/templates/artifactory.conf.j2 | 7 ++++++-
 2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx_ssl/defaults/main.yml b/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx_ssl/defaults/main.yml
index 181c6714..232ace1e 100644
--- a/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx_ssl/defaults/main.yml
+++ b/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx_ssl/defaults/main.yml
@@ -18,3 +18,5 @@ ssl_certificate_path: /etc/pki/tls/certs
 ssl_certificate_key_path: /etc/pki/tls/private
 ssl_certificate: cert.pem
 ssl_certificate_key: cert.key
+# if ssl_certificate has the full certificate chain then OCSP stapling can be enabled
+ssl_certificate_fullchain: false
diff --git a/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx_ssl/templates/artifactory.conf.j2 b/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx_ssl/templates/artifactory.conf.j2
index 4d3976ee..68ea4e0a 100644
--- a/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx_ssl/templates/artifactory.conf.j2
+++ b/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx_ssl/templates/artifactory.conf.j2
@@ -13,8 +13,13 @@
 ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
 ssl_certificate {{ ssl_certificate_path }}/{{ ssl_certificate }};
 ssl_certificate_key {{ ssl_certificate_key_path }}/{{ ssl_certificate_key }};
+ {% if ssl_certificate_fullchain %}
+ ssl_stapling on;
+ ssl_stapling_verify on;
+ {% endif %}
 ssl_session_cache shared:SSL:1m;
 ssl_prefer_server_ciphers on;
+
 ## server configuration
 server {
 listen 443 ssl http2;
@@ -47,4 +52,4 @@
 proxy_pass http://artifactory-direct;
 }
 }
-}
\ No newline at end of file
+}
From df45878b9fd4e74e95a3f6d429b2308e6548eb96 Mon Sep 17 00:00:00 2001
From: Bas Meijer
Date: Thu, 21 Dec 2023 10:46:45 +0100
Subject: [PATCH 2/3] README
---
 .../jfrog/platform/roles/artifactory_nginx_ssl/README.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx_ssl/README.md b/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx_ssl/README.md
index d8bd5a3b..65f929ec 100644
--- a/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx_ssl/README.md
+++ b/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx_ssl/README.md
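Review bot: The `{% if ssl_certificate_fullchain %}` block enables `ssl_stapling` and `ssl_stapling_verify on` without a `resolver` directive or an `ssl_trusted_certificate`, and neither appears in the hunk (only template lines 13–25 are visible and the enclosing context starts outside the hunk, so they may be defined elsewhere). Per the nginx documentation, stapling needs a resolver to look up the OCSP responder named in the certificate, and response verification needs the issuer and root certificates loaded as trusted; as far as I can tell, when either is missing nginx still starts but logs a warning and serves no stapled response, so the new option silently degrades to no stapling rather than failing loudly. Since the variable's own comment promises the file holds the full chain, that file (or the CA bundle that also carries the root) can serve as the trust anchor: add `ssl_trusted_certificate {{ ssl_certificate_path }}/{{ ssl_certificate }};` and `resolver <DNS_RESOLVER_IP> valid=300s;` (placeholder address; ideally driven by a role variable) inside the conditional. A template comment such as `# OCSP stapling: needs a resolver and the issuer chain in ssl_certificate` would tell operators why the directive is gated on the chain, and the matching comment on `ssl_certificate_fullchain` in defaults/main.yml (same patch) should state the same prerequisites.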
@@ -8,6 +8,7 @@ The artifactory_nginx_ssl role installs and configures nginx for SSL.
 * _ssl_certificate_path_: This is the full directory path for the SSL certificate, excluding _ssl_certificate_.
 * _ssl_certificate_key_: This is the filename of the SSL private key.
 * _ssl_certificate_key_path_: This is the full directory path for the SSL private key, excluding _ssl_certificate_key_.
+* _ssl_certificate_fullchain_: Boolean, enables OCSP stapling if _ssl_certificate_ has the full chain.
 * _nginx_worker_processes_: The worker_processes configuration for nginx. Defaults to 1.
 * _artifactory_docker_registry_subdomain_: Whether to add a redirect directive to the nginx config for the use of docker
- subdomains.
\ No newline at end of file
+ subdomains.
From 250997114a8237bfb8637dd4e532c6a16d3880f5 Mon Sep 17 00:00:00 2001
From: Bas Meijer
Date: Thu, 21 Dec 2023 10:47:42 +0100
Subject: [PATCH 3/3] CHANGELOG
Signed-off-by: Bas Meijer
---
 Ansible/ansible_collections/jfrog/platform/CHANGELOG.md | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/Ansible/ansible_collections/jfrog/platform/CHANGELOG.md b/Ansible/ansible_collections/jfrog/platform/CHANGELOG.md
index a8348a8e..72e5864b 100644
--- a/Ansible/ansible_collections/jfrog/platform/CHANGELOG.md
+++ b/Ansible/ansible_collections/jfrog/platform/CHANGELOG.md
@@ -1,6 +1,9 @@
 # JFrog Platform Ansible Collection Changelog All changes to this collection will be documented in this file. +## [10.17.2] - Mar 12, 2024 +* artifactory_nginx_ssl - OCSP stapling support [GH-358](https://github.com/jfrog/JFrog-Cloud-Installers/pull/358) + ## [10.17.1] - Feb 29, 2024 * Artifactory - Upgrade fails during the Check artifactory version [GH-369](https://github.com/jfrog/JFrog-Cloud-Installers/pull/369) * Product Updates/fixes