-rw-r--r-- | INSTALL.md | 4 | ||||
-rw-r--r-- | installer/inventory | 1 | ||||
-rw-r--r-- | installer/roles/image_build/templates/nginx.conf.j2 | 16 | ||||
-rw-r--r-- | installer/roles/local_docker/templates/docker-compose.yml.j2 | 3 |
4 files changed, 21 insertions, 3 deletions
diff --git a/INSTALL.md b/INSTALL.md index 65cda0954e..64488550dc 100644 --- a/INSTALL.md +++ b/INSTALL.md @@ -443,6 +443,10 @@ Before starting the build process, review the [inventory](./installer/inventory) > Provide a port number that can be mapped from the Docker daemon host to the web server running inside the AWX container. Defaults to *80*. +*host_port_ssl* + +> Provide a port number that can be mapped from the Docker daemon host to the web server running inside the AWX container for SSL support. Defaults to *443*, only works if you also set `ssl_certificate` (see below). + *ssl_certificate* > Optionally, provide the path to a file that contains a certificate and its private key. diff --git a/installer/inventory b/installer/inventory index e470012cf6..0341a6a8dc 100644 --- a/installer/inventory +++ b/installer/inventory @@ -53,6 +53,7 @@ awx_task_hostname=awx awx_web_hostname=awxweb postgres_data_dir=/tmp/pgdocker host_port=80 +host_port_ssl=443 #ssl_certificate= docker_compose_dir=/tmp/awxcompose diff --git a/installer/roles/image_build/templates/nginx.conf.j2 b/installer/roles/image_build/templates/nginx.conf.j2 index b40d3b3f22..a0f23698cb 100644 --- a/installer/roles/image_build/templates/nginx.conf.j2 +++ b/installer/roles/image_build/templates/nginx.conf.j2 @@ -35,9 +35,19 @@ http { server 127.0.0.1:8051; } + {% if ssl_certificate is defined %} + server { + listen 8052 default_server; + server_name _; + + # Redirect all HTTP links to the matching HTTPS page + return 301 https://$host$request_uri; + } + {%endif %} + server { {% if ssl_certificate is defined %} - listen 8052 ssl default_server; + listen 8053 ssl; ssl_certificate /etc/nginx/awxweb.pem; ssl_certificate_key /etc/nginx/awxweb.pem; 
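Review bot: The new port-8052 redirect block returns `https://$host$request_uri`, which carries no port, so clients are always sent to 443 even when `host_port_ssl` is set to another value in the inventory. Something like `return 301 https://$host:{{ host_port_ssl }}$request_uri;` would keep the redirect and the published port in sync, assuming the variable is in scope when this image_build template is rendered. Because `server_name _` with `default_server` accepts any Host header, `$host` is client-supplied and the redirect target follows it; a configured hostname would be tighter where the deployment has one. The TLS server block continues past the hunk, so whether it sets `Strict-Transport-Security` or `ssl_protocols` cannot be seen from here; if it does not, an HSTS header there would stop browsers from repeating the first request in clear text.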
@@ -54,14 +64,14 @@ http { # Protect against click-jacking https://www.owasp.org/index.php/Testing_for_Clickjacking_(OTG-CLIENT-009) add_header X-Frame-Options "DENY"; - + location /nginx_status { stub_status on; access_log off; allow 127.0.0.1; deny all; } - + location /static/ { alias /var/lib/awx/public/static/; } diff --git a/installer/roles/local_docker/templates/docker-compose.yml.j2 b/installer/roles/local_docker/templates/docker-compose.yml.j2 index 3fba670f15..a4a3a7e3a5 100644 --- a/installer/roles/local_docker/templates/docker-compose.yml.j2 +++ b/installer/roles/local_docker/templates/docker-compose.yml.j2 @@ -12,6 +12,9 @@ services: - postgres {% endif %} ports: + {% if ssl_certificate is defined %} + - "{{ host_port_ssl }}:8053" + {% endif %} - "{{ host_port }}:8052" hostname: {{ awx_web_hostname }} user: root |
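Review bot: `{{ host_port_ssl }}` in the new `ports` entry of docker-compose.yml.j2 has no fallback, so an existing inventory that already sets `ssl_certificate` but predates this variable would presumably fail to render the template. `- "{{ host_port_ssl | default(443) }}:8053"` matches the documented default and keeps older inventories working. Both mappings publish on every host interface as written, so on a multi-homed host it is worth documenting how to put a bind address in front of the port. The service definition continues outside the hunk.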