From ed568f569c3fd36d625cd8a7b3998bff25e7773f Mon Sep 17 00:00:00 2001
From: Markus Opahle <3225748+mopahle@users.noreply.github.com>
Date: Thu, 28 Feb 2019 14:06:59 +0100
Subject: [PATCH] only use ssl if certificate is specified

Signed-off-by: Markus Opahle <3225748+mopahle@users.noreply.github.com>
---
 INSTALL.md                                                    | 2 +-
 installer/inventory                                           | 2 +-
 installer/roles/image_build/tasks/main.yml                    | 2 +-
 installer/roles/image_build/templates/Dockerfile.j2           | 4 ----
 .../roles/image_build/templates/{nginx.conf => nginx.conf.j2} | 4 ++++
 5 files changed, 7 insertions(+), 7 deletions(-)
 rename installer/roles/image_build/templates/{nginx.conf => nginx.conf.j2} (96%)

diff --git a/INSTALL.md b/INSTALL.md
index bf0eef7488..58f9fa87c0 100644
--- a/INSTALL.md
+++ b/INSTALL.md
@@ -439,7 +439,7 @@ Before starting the build process, review the [inventory](./installer/inventory)
 
 *host_port*
 
-> Provide a port number that can be mapped from the Docker daemon host to the web server running inside the AWX container. Defaults to *443*.
+> Provide a port number that can be mapped from the Docker daemon host to the web server running inside the AWX container. Defaults to *80*.
 
 *ssl_certificate*
 
diff --git a/installer/inventory b/installer/inventory
index 570b2c6238..873b73c528 100644
--- a/installer/inventory
+++ b/installer/inventory
@@ -52,7 +52,7 @@ dockerhub_base=ansible
 awx_task_hostname=awx
 awx_web_hostname=awxweb
 postgres_data_dir=/tmp/pgdocker
-host_port=443
+host_port=80
 #ssl_certificate=
 
 # Docker Compose Install
diff --git a/installer/roles/image_build/tasks/main.yml b/installer/roles/image_build/tasks/main.yml
index 8d4b3eb97c..d7d80141d7 100644
--- a/installer/roles/image_build/tasks/main.yml
+++ b/installer/roles/image_build/tasks/main.yml
@@ -129,7 +129,7 @@
 
 - name: Stage nginx.conf
   template:
-    src: nginx.conf
+    src: nginx.conf.j2
     dest: "{{ docker_base_path }}/nginx.conf"
   delegate_to: localhost
 
diff --git a/installer/roles/image_build/templates/Dockerfile.j2 b/installer/roles/image_build/templates/Dockerfile.j2
index 897afb2546..11f1ced2df 100644
--- a/installer/roles/image_build/templates/Dockerfile.j2
+++ b/installer/roles/image_build/templates/Dockerfile.j2
@@ -53,10 +53,6 @@ RUN rm -rf /tmp/*
 
 RUN echo "{{ awx_version }}" > /var/lib/awx/.tower_version
 ADD nginx.conf /etc/nginx/nginx.conf
-RUN openssl req -newkey rsa:4906 -nodes -keyout key.pem -x509 -days 365 -out certificate.pem -subj "/CN=localhost/" && \
-    cat certificate.pem key.pem > /etc/nginx/awxweb.pem && \
-    chmod 0600 /etc/nginx/awxweb.pem && \
-    rm certificate.pem key.pem
 ADD supervisor.conf /supervisor.conf
 ADD supervisor_task.conf /supervisor_task.conf
 ADD launch_awx.sh /usr/bin/launch_awx.sh
diff --git a/installer/roles/image_build/templates/nginx.conf b/installer/roles/image_build/templates/nginx.conf.j2
similarity index 96%
rename from installer/roles/image_build/templates/nginx.conf
rename to installer/roles/image_build/templates/nginx.conf.j2
index ef10e47903..b40d3b3f22 100644
--- a/installer/roles/image_build/templates/nginx.conf
+++ b/installer/roles/image_build/templates/nginx.conf.j2
@@ -36,10 +36,14 @@ http {
     }
 
     server {
+        {% if ssl_certificate is defined %}
         listen 8052 ssl default_server;
 
         ssl_certificate /etc/nginx/awxweb.pem;
         ssl_certificate_key /etc/nginx/awxweb.pem;
+        {% else %}
+        listen 8052 default_server;
+        {% endif %}
 
         # If you have a domain name, this is where to add it
         server_name _;