diff --git a/INSTALL.md b/INSTALL.md index 69dc31614f..58f9fa87c0 100644 --- a/INSTALL.md +++ b/INSTALL.md @@ -441,6 +441,10 @@ Before starting the build process, review the [inventory](./installer/inventory) > Provide a port number that can be mapped from the Docker daemon host to the web server running inside the AWX container. Defaults to *80*. +*ssl_certificate* + +> Optionally, provide the path to a file that contains a certificate and its private key. + *use_docker_compose* > Switch to ``true`` to use Docker Compose instead of the standalone Docker install. @@ -527,7 +531,7 @@ After the playbook run completes, Docker will report up to 5 running containers. ```bash CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES e240ed8209cd awx_task:1.0.0.8 "/tini -- /bin/sh ..." 2 minutes ago Up About a minute 8052/tcp awx_task -1cfd02601690 awx_web:1.0.0.8 "/tini -- /bin/sh ..." 2 minutes ago Up About a minute 0.0.0.0:80->8052/tcp awx_web +1cfd02601690 awx_web:1.0.0.8 "/tini -- /bin/sh ..." 2 minutes ago Up About a minute 0.0.0.0:443->8052/tcp awx_web 55a552142bcd memcached:alpine "docker-entrypoint..." 2 minutes ago Up 2 minutes 11211/tcp memcached 84011c072aad rabbitmq:3 "docker-entrypoint..." 2 minutes ago Up 2 minutes 4369/tcp, 5671-5672/tcp, 25672/tcp rabbitmq 97e196120ab3 postgres:9.6 "docker-entrypoint..." 2 minutes ago Up 2 minutes 5432/tcp postgres diff --git a/installer/inventory b/installer/inventory index b6c32e226e..873b73c528 100644 --- a/installer/inventory +++ b/installer/inventory @@ -53,6 +53,7 @@ awx_task_hostname=awx awx_web_hostname=awxweb postgres_data_dir=/tmp/pgdocker host_port=80 +#ssl_certificate= # Docker Compose Install # use_docker_compose=false diff --git a/installer/roles/image_build/tasks/main.yml b/installer/roles/image_build/tasks/main.yml index 8d4b3eb97c..d7d80141d7 100644 --- a/installer/roles/image_build/tasks/main.yml +++ b/installer/roles/image_build/tasks/main.yml 
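Review bot: The new `#ssl_certificate=` line in installer/inventory has no comment, so nothing tells the operator that the file holds a private key or that `host_port=80` just above it should change when TLS is enabled. With the default left in place, the HTTPS listener would be published on port 80, which does not match the `0.0.0.0:443->8052/tcp` mapping shown in the INSTALL.md hunk. I would add above it `# Path to a PEM file containing the certificate and its private key; keep it readable only by the installing user` and `# Set host_port=443 when enabling ssl_certificate`.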
@@ -129,7 +129,7 @@ - name: Stage nginx.conf template: - src: nginx.conf + src: nginx.conf.j2 dest: "{{ docker_base_path }}/nginx.conf" delegate_to: localhost diff --git a/installer/roles/image_build/templates/nginx.conf b/installer/roles/image_build/templates/nginx.conf.j2 similarity index 93% rename from installer/roles/image_build/templates/nginx.conf rename to installer/roles/image_build/templates/nginx.conf.j2 index d805922777..b40d3b3f22 100644 --- a/installer/roles/image_build/templates/nginx.conf +++ b/installer/roles/image_build/templates/nginx.conf.j2 @@ -36,7 +36,14 @@ http { } server { + {% if ssl_certificate is defined %} + listen 8052 ssl default_server; + + ssl_certificate /etc/nginx/awxweb.pem; + ssl_certificate_key /etc/nginx/awxweb.pem; + {% else %} listen 8052 default_server; + {% endif %} # If you have a domain name, this is where to add it server_name _; diff --git a/installer/roles/local_docker/tasks/standalone.yml b/installer/roles/local_docker/tasks/standalone.yml index 435dee6f5e..fc08126e4b 100644 --- a/installer/roles/local_docker/tasks/standalone.yml +++ b/installer/roles/local_docker/tasks/standalone.yml @@ -86,6 +86,7 @@ {{ ([project_data_dir + ':/var/lib/awx/projects:z'] if project_data_dir is defined else []) + ([ca_trust_dir + ':/etc/pki/ca-trust/source/anchors:ro'] if ca_trust_dir is defined else []) + + ([ssl_certificate + ':/etc/nginx/awxweb.pem:ro'] if ssl_certificate is defined else []) }} user: root ports:
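Review bot: `{% if ssl_certificate is defined %}` in nginx.conf.j2 is also true when the variable is set but empty, for example if the inventory line is uncommented and left as `ssl_certificate=`. The same test guards the bind mount in installer/roles/local_docker/tasks/standalone.yml, where it would produce a volume entry with no host path. A guard such as `{% if ssl_certificate | default('') | length > 0 %}` in both places avoids that. The ssl branch also sets no `ssl_protocols` or `ssl_ciphers`, so the accepted protocol versions fall back to the defaults of whichever nginx version the image ships (not visible in this hunk), and older nginx releases enable TLSv1 and TLSv1.1 by default. Adding `ssl_protocols TLSv1.2;` after the `ssl_certificate_key` line pins the floor; the server block continues outside the hunk.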
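Review bot: Nothing validates `ssl_certificate` before the added volume entry in standalone.yml hands it to Docker as a bind-mount source. For a host path that does not exist Docker typically creates a directory, so a typo would only surface later as nginx failing to load `/etc/nginx/awxweb.pem`. A `stat` task followed by an `assert` on `stat.exists and stat.isreg` ahead of this task would fail early with a clear message. Separately, the `listen 8052 ssl` switch is rendered in the image_build role while this mount is applied at deploy time, so an image built without `ssl_certificate` would presumably get the key mounted yet still answer in plain HTTP on the published port; a post-start check that the endpoint actually negotiates TLS would catch that. The task this expression belongs to begins above the hunk and continues past `ports:`.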