Demo web

playbooks/ome-demoserver.yml

@@ -193,7 +193,8 @@
         state: directory
         mode: 0755
         recurse: true
-        owner: root
+        owner: "omero-server"
+        group: "omero-server"
 
     - name: Download the Figure_To_Pdf.py script
       become: true
@@ -209,6 +210,7 @@
         force: true
 
   vars:
+    nginx_version: 1.26.2
     omero_figure_release: >-
       {{ omero_figure_release_override | default('7.2.0') }}
     omero_figure_script_release: >-
@@ -227,8 +229,8 @@
       {{ omero_signup_release_override | default('0.3.3') }}
 
     omero_server_release: >-
-      {{ omero_server_release_override | default('5.6.13') }}
-    omero_web_release: "{{ omero_web_release_override | default('5.27.2') }}"
+      {{ omero_server_release_override | default('5.6.14') }}
+    omero_web_release: "{{ omero_web_release_override | default('5.28.0') }}"
     omero_py_release: "{{ omero_py_release_override | default('5.19.5') }}"
     # For https://github.com/openmicroscopy/ansible-role-java,
     # which is a dependency.

playbooks/templates/nginx-confdnestedincludes-ssl-conf.j2

@@ -10,6 +10,10 @@ ssl_certificate_key {{ ssl_certificate_key_path }};
 # http://nginx.org/en/docs/http/configuring_https_servers.html
 ssl_prefer_server_ciphers on;
 
+ssl_protocols TLSv1.2 TLSv1.3;
+ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
+
+
 # HTTP Strict Transport Security (HSTS)
 add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;