mirror of
https://github.com/ansible/awx.git
synced 2026-02-01 01:28:09 -03:30
7b636a7566
HTTPS is, by default, expected to be on port 443.
Also, with HSTS set, we need to be sure that users attempting to arrive
via HTTP are properly redirected to HTTPS.
This does so by:
* Setting up a 301 redirect for any URL to its HTTPS version
* Adjusting the internal port for HTTPS traffic to 8053
* Setting docker-compose to share port 443 → 8053
- This is configurable via an inventory variable
135 lines
4.8 KiB
Django/Jinja
135 lines
4.8 KiB
Django/Jinja
#jinja2: lstrip_blocks: True
|
|
version: '2'
|
|
services:
|
|
|
|
web:
|
|
image: {{ awx_web_docker_actual_image }}
|
|
container_name: awx_web
|
|
depends_on:
|
|
- rabbitmq
|
|
- memcached
|
|
{% if pg_hostname is not defined %}
|
|
- postgres
|
|
{% endif %}
|
|
ports:
|
|
{% if ssl_certificate is defined %}
|
|
- "{{ host_port_ssl }}:8053"
|
|
{% endif %}
|
|
- "{{ host_port }}:8052"
|
|
hostname: {{ awx_web_hostname }}
|
|
user: root
|
|
restart: unless-stopped
|
|
volumes:
|
|
- "{{ docker_compose_dir }}/SECRET_KEY:/etc/tower/SECRET_KEY"
|
|
- "{{ docker_compose_dir }}/environment.sh:/etc/tower/conf.d/environment.sh"
|
|
- "{{ docker_compose_dir }}/credentials.py:/etc/tower/conf.d/credentials.py"
|
|
{% if project_data_dir is defined %}
|
|
- "{{ project_data_dir +':/var/lib/awx/projects:rw' }}"
|
|
{% endif %}
|
|
{% if ca_trust_dir is defined %}
|
|
- "{{ ca_trust_dir +':/etc/pki/ca-trust/source/anchors:ro' }}"
|
|
{% endif %}
|
|
{% if ssl_certificate is defined %}
|
|
- "{{ ssl_certificate +':/etc/nginx/awxweb.pem:ro' }}"
|
|
{% endif %}
|
|
{% if (awx_container_search_domains is defined) and (',' in awx_container_search_domains) %}
|
|
{% set awx_container_search_domains_list = awx_container_search_domains.split(',') %}
|
|
dns_search:
|
|
{% for awx_container_search_domain in awx_container_search_domains_list %}
|
|
- {{ awx_container_search_domain }}
|
|
{% endfor %}
|
|
{% elif awx_container_search_domains is defined %}
|
|
dns_search: "{{ awx_container_search_domains }}"
|
|
{% endif %}
|
|
{% if (awx_alternate_dns_servers is defined) and (',' in awx_alternate_dns_servers) %}
|
|
{% set awx_alternate_dns_servers_list = awx_alternate_dns_servers.split(',') %}
|
|
dns:
|
|
{% for awx_alternate_dns_server in awx_alternate_dns_servers_list %}
|
|
- {{ awx_alternate_dns_server }}
|
|
{% endfor %}
|
|
{% elif awx_alternate_dns_servers is defined %}
|
|
dns: "{{ awx_alternate_dns_servers }}"
|
|
{% endif %}
|
|
environment:
|
|
http_proxy: {{ http_proxy | default('') }}
|
|
https_proxy: {{ https_proxy | default('') }}
|
|
no_proxy: {{ no_proxy | default('') }}
|
|
|
|
task:
|
|
image: {{ awx_task_docker_actual_image }}
|
|
container_name: awx_task
|
|
depends_on:
|
|
- rabbitmq
|
|
- memcached
|
|
- web
|
|
{% if pg_hostname is not defined %}
|
|
- postgres
|
|
{% endif %}
|
|
hostname: {{ awx_task_hostname }}
|
|
user: root
|
|
restart: unless-stopped
|
|
volumes:
|
|
- "{{ docker_compose_dir }}/SECRET_KEY:/etc/tower/SECRET_KEY"
|
|
- "{{ docker_compose_dir }}/environment.sh:/etc/tower/conf.d/environment.sh"
|
|
- "{{ docker_compose_dir }}/credentials.py:/etc/tower/conf.d/credentials.py"
|
|
{% if project_data_dir is defined %}
|
|
- "{{ project_data_dir +':/var/lib/awx/projects:rw' }}"
|
|
{% endif %}
|
|
{% if ca_trust_dir is defined %}
|
|
- "{{ ca_trust_dir +':/etc/pki/ca-trust/source/anchors:ro' }}"
|
|
{% endif %}
|
|
{% if ssl_certificate is defined %}
|
|
- "{{ ssl_certificate +':/etc/nginx/awxweb.pem:ro' }}"
|
|
{% endif %}
|
|
{% if (awx_container_search_domains is defined) and (',' in awx_container_search_domains) %}
|
|
{% set awx_container_search_domains_list = awx_container_search_domains.split(',') %}
|
|
dns_search:
|
|
{% for awx_container_search_domain in awx_container_search_domains_list %}
|
|
- {{ awx_container_search_domain }}
|
|
{% endfor %}
|
|
{% elif awx_container_search_domains is defined %}
|
|
dns_search: "{{ awx_container_search_domains }}"
|
|
{% endif %}
|
|
{% if (awx_alternate_dns_servers is defined) and (',' in awx_alternate_dns_servers) %}
|
|
{% set awx_alternate_dns_servers_list = awx_alternate_dns_servers.split(',') %}
|
|
dns:
|
|
{% for awx_alternate_dns_server in awx_alternate_dns_servers_list %}
|
|
- {{ awx_alternate_dns_server }}
|
|
{% endfor %}
|
|
{% elif awx_alternate_dns_servers is defined %}
|
|
dns: "{{ awx_alternate_dns_servers }}"
|
|
{% endif %}
|
|
environment:
|
|
http_proxy: {{ http_proxy | default('') }}
|
|
https_proxy: {{ https_proxy | default('') }}
|
|
no_proxy: {{ no_proxy | default('') }}
|
|
|
|
rabbitmq:
|
|
image: {{ rabbitmq_image }}
|
|
container_name: awx_rabbitmq
|
|
restart: unless-stopped
|
|
environment:
|
|
RABBITMQ_DEFAULT_VHOST: "{{ rabbitmq_default_vhost }}"
|
|
RABBITMQ_DEFAULT_USER: "{{ rabbitmq_user }}"
|
|
RABBITMQ_DEFAULT_PASS: "{{ rabbitmq_password }}"
|
|
RABBITMQ_ERLANG_COOKIE: {{ rabbitmq_erlang_cookie }}
|
|
|
|
memcached:
|
|
image: memcached:alpine
|
|
container_name: awx_memcached
|
|
restart: unless-stopped
|
|
|
|
{% if pg_hostname is not defined %}
|
|
postgres:
|
|
image: postgres:9.6
|
|
container_name: awx_postgres
|
|
restart: unless-stopped
|
|
volumes:
|
|
- {{ postgres_data_dir }}:/var/lib/postgresql/data:Z
|
|
environment:
|
|
POSTGRES_USER: {{ pg_username }}
|
|
POSTGRES_PASSWORD: {{ pg_password }}
|
|
POSTGRES_DB: {{ pg_database }}
|
|
PGDATA: /var/lib/postgresql/data/pgdata
|
|
{% endif %}
|