From b904ef8a0e94c085a4c012d199ab0df2a5ff2ead Mon Sep 17 00:00:00 2001 From: Prudhvi Godithi Date: Thu, 7 Nov 2024 12:29:30 -0800 Subject: [PATCH] Update ssl setting Signed-off-by: Prudhvi Godithi --- infrastructure/lib/constructs/opensearchNginxProxyCognito.ts | 3 +-- infrastructure/lib/stacks/opensearchNginxProxyReadonly.ts | 3 +-- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/infrastructure/lib/constructs/opensearchNginxProxyCognito.ts b/infrastructure/lib/constructs/opensearchNginxProxyCognito.ts index df9209d..dd1fb5c 100644 --- a/infrastructure/lib/constructs/opensearchNginxProxyCognito.ts +++ b/infrastructure/lib/constructs/opensearchNginxProxyCognito.ts @@ -176,12 +176,11 @@ export class OpenSearchMetricsNginxCognito extends Construct { resolver 10.0.0.2 ipv6=off; server { - listen 443; + listen 443 ssl; server_name $host; rewrite ^/$ https://$host/_dashboards redirect; ssl_certificate /etc/nginx/cert.crt; ssl_certificate_key /etc/nginx/cert.key; - ssl on; ssl_session_cache builtin:1000 shared:SSL:10m; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4; diff --git a/infrastructure/lib/stacks/opensearchNginxProxyReadonly.ts b/infrastructure/lib/stacks/opensearchNginxProxyReadonly.ts index 561f643..617b111 100644 --- a/infrastructure/lib/stacks/opensearchNginxProxyReadonly.ts +++ b/infrastructure/lib/stacks/opensearchNginxProxyReadonly.ts @@ -162,12 +162,11 @@ export class OpenSearchMetricsNginxReadonly extends Stack { resolver 10.0.0.2 ipv6=off; server { - listen 443; + listen 443 ssl; server_name $host; rewrite ^/$ https://$host/_dashboards redirect; ssl_certificate /etc/nginx/cert.crt; ssl_certificate_key /etc/nginx/cert.key; - ssl on; ssl_session_cache builtin:1000 shared:SSL:10m; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;