diff options
| author | softwarefactory-project-zuul[bot] <softwarefactory-project-zuul[bot]@users.noreply.github.com> | 2019-05-28 15:51:43 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2019-05-28 15:51:43 +0200 |
| commit | 9c90694f12696e27df658273b36bbc6222569dee (patch) | |
| tree | 55fad31fa3737257673000c46e105a7365d15fd0 /installer/roles | |
| parent | Merge pull request #3941 from elyezer/window-size-e2e (diff) | |
| parent | Set up HTTPS w/ proper port & HTTP redirect (diff) | |
| download | awx-9c90694f12696e27df658273b36bbc6222569dee.tar.xz awx-9c90694f12696e27df658273b36bbc6222569dee.zip | |
Merge pull request #3604 from athenahealth/complete-ssl-support
Update SSL support for docker-compose install
Reviewed-by: https://github.com/softwarefactory-project-zuul[bot]
Diffstat (limited to 'installer/roles')
| -rw-r--r-- | installer/roles/image_build/templates/nginx.conf.j2 | 16 | ||||
| -rw-r--r-- | installer/roles/local_docker/templates/docker-compose.yml.j2 | 9 |
2 files changed, 22 insertions, 3 deletions
diff --git a/installer/roles/image_build/templates/nginx.conf.j2 b/installer/roles/image_build/templates/nginx.conf.j2 index b40d3b3f22..a0f23698cb 100644 --- a/installer/roles/image_build/templates/nginx.conf.j2 +++ b/installer/roles/image_build/templates/nginx.conf.j2 @@ -35,9 +35,19 @@ http { server 127.0.0.1:8051; } + {% if ssl_certificate is defined %} + server { + listen 8052 default_server; + server_name _; + + # Redirect all HTTP links to the matching HTTPS page + return 301 https://$host$request_uri; + } + {%endif %} + server { {% if ssl_certificate is defined %} - listen 8052 ssl default_server; + listen 8053 ssl; ssl_certificate /etc/nginx/awxweb.pem; ssl_certificate_key /etc/nginx/awxweb.pem; @@ -54,14 +64,14 @@ http { # Protect against click-jacking https://www.owasp.org/index.php/Testing_for_Clickjacking_(OTG-CLIENT-009) add_header X-Frame-Options "DENY"; - + location /nginx_status { stub_status on; access_log off; allow 127.0.0.1; deny all; } - + location /static/ { alias /var/lib/awx/public/static/; } diff --git a/installer/roles/local_docker/templates/docker-compose.yml.j2 b/installer/roles/local_docker/templates/docker-compose.yml.j2 index 138d0e9871..a4a3a7e3a5 100644 --- a/installer/roles/local_docker/templates/docker-compose.yml.j2 +++ b/installer/roles/local_docker/templates/docker-compose.yml.j2 @@ -12,6 +12,9 @@ services: - postgres {% endif %} ports: + {% if ssl_certificate is defined %} + - "{{ host_port_ssl }}:8053" + {% endif %} - "{{ host_port }}:8052" hostname: {{ awx_web_hostname }} user: root @@ -26,6 +29,9 @@ services: {% if ca_trust_dir is defined %} - "{{ ca_trust_dir +':/etc/pki/ca-trust/source/anchors:ro' }}" {% endif %} + {% if ssl_certificate is defined %} + - "{{ ssl_certificate +':/etc/nginx/awxweb.pem:ro' }}" + {% endif %} {% if (awx_container_search_domains is defined) and (',' in awx_container_search_domains) %} {% set awx_container_search_domains_list = awx_container_search_domains.split(',') %} dns_search: @@ -72,6 +78,9 @@ services: {% if ca_trust_dir is defined %} - "{{ ca_trust_dir +':/etc/pki/ca-trust/source/anchors:ro' }}" {% endif %} + {% if ssl_certificate is defined %} + - "{{ ssl_certificate +':/etc/nginx/awxweb.pem:ro' }}" + {% endif %} {% if (awx_container_search_domains is defined) and (',' in awx_container_search_domains) %} {% set awx_container_search_domains_list = awx_container_search_domains.split(',') %} dns_search: |