diff --git a/INSTALL.md b/INSTALL.md
index 69dc31614f..bf0eef7488 100644
--- a/INSTALL.md
+++ b/INSTALL.md
@@ -439,7 +439,11 @@ Before starting the build process, review the [inventory](./installer/inventory)
 *host_port*
-> Provide a port number that can be mapped from the Docker daemon host to the web server running inside the AWX container. Defaults to *80*.
+> Provide a port number that can be mapped from the Docker daemon host to the web server running inside the AWX container. Defaults to *443*.
+
+*ssl_certificate*
+
+> Optionally, provide the path to a file that contains a certificate and its private key.
 *use_docker_compose*
@@ -527,7 +531,7 @@ After the playbook run completes, Docker will report up to 5 running containers.
 ```bash
 CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
 e240ed8209cd awx_task:1.0.0.8 "/tini -- /bin/sh ..." 2 minutes ago Up About a minute 8052/tcp awx_task
-1cfd02601690 awx_web:1.0.0.8 "/tini -- /bin/sh ..." 2 minutes ago Up About a minute 0.0.0.0:80->8052/tcp awx_web
+1cfd02601690 awx_web:1.0.0.8 "/tini -- /bin/sh ..." 2 minutes ago Up About a minute 0.0.0.0:443->8052/tcp awx_web
 55a552142bcd memcached:alpine "docker-entrypoint..." 2 minutes ago Up 2 minutes 11211/tcp memcached
 84011c072aad rabbitmq:3 "docker-entrypoint..." 2 minutes ago Up 2 minutes 4369/tcp, 5671-5672/tcp, 25672/tcp rabbitmq
 97e196120ab3 postgres:9.6 "docker-entrypoint..." 2 minutes ago Up 2 minutes 5432/tcp postgres
diff --git a/installer/inventory b/installer/inventory
index b6c32e226e..570b2c6238 100644
--- a/installer/inventory
+++ b/installer/inventory
@@ -52,7 +52,8 @@ dockerhub_base=ansible
 awx_task_hostname=awx
 awx_web_hostname=awxweb
 postgres_data_dir=/tmp/pgdocker
-host_port=80
+host_port=443
+#ssl_certificate=
 # Docker Compose Install
 # use_docker_compose=false
diff --git a/installer/roles/image_build/templates/Dockerfile.j2 b/installer/roles/image_build/templates/Dockerfile.j2
index 11f1ced2df..897afb2546 100644
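Review bot: The commented `#ssl_certificate=` line in installer/inventory carries no explanation, and uncommenting it with the value left empty defines the variable as an empty string, which the `ssl_certificate is defined` test in installer/roles/local_docker/tasks/standalone.yml would accept and turn into a volume entry with no host path. A comment above the line would prevent that, for example `# Path to one PEM file holding the certificate and its private key; leave commented out to use the image's self-signed certificate`, together with a placeholder value such as `#ssl_certificate=/path/to/awxweb.pem`. Because the file contains the private key, the comment should also say that it must not be world-readable on the Docker host.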
--- a/installer/roles/image_build/templates/Dockerfile.j2 +++ b/installer/roles/image_build/templates/Dockerfile.j2 @@ -53,6 +53,10 @@ RUN rm -rf /tmp/* RUN echo "{{ awx_version }}" > /var/lib/awx/.tower_version ADD nginx.conf /etc/nginx/nginx.conf +RUN openssl req -newkey rsa:4906 -nodes -keyout key.pem -x509 -days 365 -out certificate.pem -subj "/CN=localhost/" && \ + cat certificate.pem key.pem > /etc/nginx/awxweb.pem && \ + chmod 0600 /etc/nginx/awxweb.pem && \ + rm certificate.pem key.pem ADD supervisor.conf /supervisor.conf ADD supervisor_task.conf /supervisor_task.conf ADD launch_awx.sh /usr/bin/launch_awx.sh diff --git a/installer/roles/image_build/templates/nginx.conf b/installer/roles/image_build/templates/nginx.conf index d805922777..ef10e47903 100644 --- a/installer/roles/image_build/templates/nginx.conf +++ b/installer/roles/image_build/templates/nginx.conf @@ -36,7 +36,10 @@ http { } server { - listen 8052 default_server; + listen 8052 ssl default_server; + + ssl_certificate /etc/nginx/awxweb.pem; + ssl_certificate_key /etc/nginx/awxweb.pem; # If you have a domain name, this is where to add it server_name _; diff --git a/installer/roles/local_docker/tasks/standalone.yml b/installer/roles/local_docker/tasks/standalone.yml index 435dee6f5e..fc08126e4b 100644 --- a/installer/roles/local_docker/tasks/standalone.yml +++ b/installer/roles/local_docker/tasks/standalone.yml @@ -86,6 +86,7 @@ {{ ([project_data_dir + ':/var/lib/awx/projects:z'] if project_data_dir is defined else []) + ([ca_trust_dir + ':/etc/pki/ca-trust/source/anchors:ro'] if ca_trust_dir is defined else []) + + ([ssl_certificate + ':/etc/nginx/awxweb.pem:ro'] if ssl_certificate is defined else []) }} user: root ports:
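Review bot: The private key is generated once in this `RUN` step at image build time, so it is stored in an image layer and every container started from the same image, including any image pushed to a registry, presents the same key, which anyone able to pull the image can read. Generating the default certificate when the container first starts, and only if nothing is mounted at /etc/nginx/awxweb.pem, would give each deployment its own key. Separately, `rsa:4906` looks like a transposition of 4096, so the option should read `-newkey rsa:4096`. The certificate also expires 365 days after the image was built rather than after deployment, which deserves a comment next to `-days 365`.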
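Review bot: The `listen 8052 ssl default_server;` line turns TLS on without pinning protocol versions or ciphers, so the accepted protocol set depends on the defaults of whichever nginx build the image installs, which on older builds includes TLS 1.0 and 1.1. Adding `ssl_protocols TLSv1.2;` (plus `TLSv1.3` where the build supports it) and `ssl_prefer_server_ciphers on;` next to the two certificate directives would make the policy explicit. A client that still speaks plain HTTP to the mapped port now gets an nginx 400 error rather than a redirect, which is worth a comment here or a line in INSTALL.md. The `server` block continues past the end of the hunk.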