diff --git a/config/awx-httpd-443.conf b/config/awx-httpd-443.conf deleted file mode 100644 index 2266f042c6..0000000000 --- a/config/awx-httpd-443.conf +++ /dev/null @@ -1,50 +0,0 @@ -NameVirtualHost *:443 -WSGISocketPrefix /var/run/wsgi -WSGIPythonHome /var/lib/awx/venv/tower - -# LoadModule ssl_module modules/mod_ssl.so - - - ServerName localhost - ServerAlias * - DocumentRoot /var/lib/awx/public - SSLEngine on -# This certificate can be replaced. -# However, do not use a different name for, or path to, the SSL certificate. -# Tower's live events feature requires the SSL certificate to be in this location. - SSLCertificateFile /etc/tower/tower.cert - SSLCertificateKeyFile /etc/tower/tower.key - SSLProtocol all -SSLv3 -SSLv2 - - WSGIScriptAlias / /var/lib/awx/wsgi.py - WSGIPassAuthorization On - - WSGIDaemonProcess awx user=awx group=awx processes=2 threads=20 maximum-requests=1000 display-name="%{GROUP}" - WSGIProcessGroup awx - - Alias /favicon.ico /var/lib/awx/public/static/favicon.ico - Alias /static/ /var/lib/awx/public/static/ - - - - = 2.3> - Require all granted - - - Order deny,allow - Allow from all - - - - - - = 2.3> - Require all granted - - - Order deny,allow - Allow from all - - - - diff --git a/config/awx-httpd-80.conf b/config/awx-httpd-80.conf deleted file mode 100644 index f1390fead3..0000000000 --- a/config/awx-httpd-80.conf +++ /dev/null 
@@ -1,49 +0,0 @@ -WSGISocketPrefix /var/run/wsgi -WSGIPythonHome /var/lib/awx/venv/tower - - - - RewriteEngine On - # don't redirect HTTPs - RewriteCond %{HTTPS} off - # don't redirect /api traffic that requested explicit http:// - RewriteRule ^/api - [L] - RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} - - ServerName localhost - ServerAlias * - DocumentRoot /var/lib/awx/public - - WSGIScriptAlias / /var/lib/awx/wsgi.py - WSGIPassAuthorization On - - WSGIDaemonProcess awx_plain user=awx group=awx processes=2 threads=20 maximum-requests=1000 display-name="%{GROUP}" - WSGIProcessGroup awx_plain - - Alias /favicon.ico /var/lib/awx/public/static/favicon.ico - Alias /static/ /var/lib/awx/public/static/ - - - - = 2.3> - Require all granted - - - Order deny,allow - Allow from all - - - - - - = 2.3> - Require all granted - - - Order deny,allow - Allow from all - - - - - diff --git a/config/awx-nginx.conf b/config/awx-nginx.conf new file mode 100644 index 0000000000..6089cb7a3c --- /dev/null +++ b/config/awx-nginx.conf 
@@ -0,0 +1,86 @@
+worker_processes auto;
+
+error_log /var/log/nginx/error.log warn;
+pid /var/run/nginx.pid;
+
+events {
+ worker_connections 1024;
+}
+
+http {
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+
+ access_log /var/log/nginx/access.log main;
+
+ map $http_upgrade $connection_upgrade {
+ default upgrade;
+ '' close;
+ }
+
+ sendfile on;
+ #tcp_nopush on;
+
+ ssl_session_cache shared:SSL:10m;
+ ssl_session_timeout 10m;
+
+ keepalive_timeout 65;
+
+ #gzip on;
+
+ upstream uwsgi {
+ server 127.0.0.1:8050;
+ }
+
+ upstream daphne {
+ server 127.0.0.1:8051;
+ }
+
+ server {
+ listen 80 default_server;
+ listen 443 default_server ssl;
+
+ # If you have a domain name, this is where to add it
+ server_name _;
+ keepalive_timeout 70;
+
+ ssl_certificate /etc/tower/tower.crt;
+ ssl_certificate_key /etc/tower/tower.key;
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_ciphers HIGH:!aNULL:!MD5;
+
+ location /favicon.ico { alias /var/lib/awx/public/static/favicon.ico; }
+ location /static { alias /var/lib/awx/public/static; }
+
+ location /websocket {
+ # Pass request to the upstream alias
+ proxy_pass http://daphne;
+ # Require http version 1.1 to allow for upgrade requests
+ proxy_http_version 1.1;
+ # We want proxy_buffering off for proxying to websockets.
+ proxy_buffering off;
+ # http://en.wikipedia.org/wiki/X-Forwarded-For
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ # enable this if you use HTTPS:
+ proxy_set_header X-Forwarded-Proto https;
+ # pass the Host: header from the client for the sake of redirects
+ proxy_set_header Host $http_host;
+ # We've set the Host header, so we don't need Nginx to muddle
+ # about with redirects
+ proxy_redirect off;
+ # Depending on the request value, set the Upgrade and
+ # connection headers
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection $connection_upgrade;
+ }
+
+ location / {
+ include /etc/nginx/uwsgi_params;
+ uwsgi_pass uwsgi;
+ }
+ }
+}
diff --git a/config/uwsgi_params b/config/uwsgi_params
new file mode 100644
index 0000000000..09c732cd68
--- /dev/null
+++ b/config/uwsgi_params
@@ -0,0 +1,17 @@
+
+uwsgi_param QUERY_STRING $query_string;
+uwsgi_param REQUEST_METHOD $request_method;
+uwsgi_param CONTENT_TYPE $content_type;
+uwsgi_param CONTENT_LENGTH $content_length;
+
+uwsgi_param REQUEST_URI $request_uri;
+uwsgi_param PATH_INFO $document_uri;
+uwsgi_param DOCUMENT_ROOT $document_root;
+uwsgi_param SERVER_PROTOCOL $server_protocol;
+uwsgi_param REQUEST_SCHEME $scheme;
+uwsgi_param HTTPS $https if_not_empty;
+
+uwsgi_param REMOTE_ADDR $remote_addr;
+uwsgi_param REMOTE_PORT $remote_port;
+uwsgi_param SERVER_PORT $server_port;
+uwsgi_param SERVER_NAME $server_name;
diff --git a/setup.py b/setup.py
index ff268cd81d..f5018bd582 100755
--- a/setup.py
+++ b/setup.py
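Review bot: In config/awx-nginx.conf the single `server` block listens on both 80 and 443, so everything under `location /`, logins included, is served over plain HTTP; the removed awx-httpd-80.conf redirected non-/api requests to HTTPS and the new file has no equivalent. The `/websocket` location also sends `X-Forwarded-Proto https` unconditionally, which misreports port-80 requests to the backend; while the block is shared it should be `$scheme`. Separately, `ssl_protocols TLSv1 TLSv1.1 TLSv1.2` still offers TLS 1.0 and 1.1 and could be narrowed to `TLSv1.2` if client compatibility allows. A split into a redirect-only port-80 server and a TLS server is sketched below; if plain-HTTP `/api` access has to remain, it would need its own `location` in the port-80 block.

```nginx
    server {
        listen 80 default_server;
        server_name _;
        # send plain-HTTP clients to TLS, as the removed Apache port-80 vhost did
        return 301 https://$host$request_uri;
    }

    server {
        listen 443 default_server ssl;
        # … unchanged: server_name, keepalive_timeout, certificate paths …
        ssl_protocols TLSv1.2;
        # … unchanged: ssl_ciphers, static locations, /websocket, / …
    }
```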
@@ -25,14 +25,16 @@ docdir = "/usr/share/doc/ansible-tower" if os.path.exists("/etc/debian_version"): sysinit = "/etc/init.d" - webconfig = "/etc/apache2/conf.d" + webconfig = "/etc/nginx" + siteconfig = "/etc/nginx/sites-enabled" # sosreport-3.1 (and newer) look in '/usr/share/sosreport/sos/plugins' # sosreport-3.0 looks in '/usr/lib/python2.7/dist-packages/sos/plugins' # debian/.links will create symlinks to support both versions sosconfig = "/usr/share/sosreport/sos/plugins" else: sysinit = "/etc/rc.d/init.d" - webconfig = "/etc/httpd/conf.d" + webconfig = "/etc/nginx" + siteconfig = "/etc/nginx/sites-enabled" # The .spec will create symlinks to support multiple versions of sosreport sosconfig = "/usr/share/sosreport/sos/plugins" @@ -114,8 +116,8 @@ setup( data_files = proc_data_files([ ("%s" % homedir, ["config/wsgi.py", "awx/static/favicon.ico"]), - ("%s" % webconfig, ["config/awx-httpd-80.conf", - "config/awx-httpd-443.conf"]), + ("%s" % siteconfig, ["config/awx-nginx.conf"]), + ("%s" % webconfig, ["config/uwsgi_params"]), ("%s" % sharedir, ["tools/scripts/request_tower_configuration.sh","tools/scripts/request_tower_configuration.ps1"]), ("%s" % docdir, ["docs/licenses/*",]), ("%s" % bindir, ["tools/scripts/ansible-tower-service",
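Review bot: The second hunk installs `config/awx-nginx.conf` into `siteconfig` (`/etc/nginx/sites-enabled`), but the file added by this commit is a complete main configuration: it opens with `worker_processes`, `events {}` and `http {}`. A stock nginx.conf normally includes sites-enabled from inside its own `http` block, where those directives are rejected, so unless packaging outside this diff relocates the file it should either be installed as the main config or be cut down to the `upstream` and `server` blocks. Installing `config/uwsgi_params` into `/etc/nginx` may also collide with the copy the distribution's nginx package already ships there. In the first hunk both branches now assign identical `webconfig` and `siteconfig` values, so they could be hoisted above the `if`; RHEL-family nginx packages usually include only `conf.d`, so the `sites-enabled` path is worth confirming for the non-Debian branch. The `setup(` call continues outside the hunk.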