Loading deploy/ansible/host_vars/esgf.data.example.org +18 −0 Original line number Diff line number Diff line Loading @@ -18,3 +18,21 @@ ### See: https://github.com/ESGF/esgf-docker/blob/master/docs/deploy-ansible.md#enabling-and-disabling-components ## OPTIONAL: Enabling SSL for the server #nginx_config_template: ssl.proxy.conf.j2 #published_port: 443 #ssl_certificate: | # -----BEGIN CERTIFICATE----- # ... #ssl_private_key: | # -----BEGIN RSA PRIVATE KEY----- # ... ### See: https://github.com/ESGF/esgf-docker/blob/master/docs/deploy-ansible.md#enabling-ssl deploy/ansible/host_vars/esgf.index.example.org +17 −0 Original line number Diff line number Diff line Loading @@ -18,3 +18,20 @@ ### See: https://github.com/ESGF/esgf-docker/blob/master/docs/deploy-ansible.md#enabling-and-disabling-components ## OPTIONAL: Enabling SSL for the server #nginx_config_template: ssl.proxy.conf.j2 #published_port: 443 #ssl_certificate: | # -----BEGIN CERTIFICATE----- # ... #ssl_private_key: | # -----BEGIN RSA PRIVATE KEY----- # ... ### See: https://github.com/ESGF/esgf-docker/blob/master/docs/deploy-ansible.md#enabling-ssl deploy/ansible/roles/proxy/defaults/main.yml +1 −0 Original line number Diff line number Diff line Loading @@ -28,6 +28,7 @@ image_pull: true # Default Nginx config using only HTTP nginx_config_template: proxy.conf.j2 published_port: 80 # Generates a Diffie-Helmet file for the server if enabled generate_dhparam: false Loading deploy/ansible/roles/proxy/tasks/main.yml +6 −6 Original line number Diff line number Diff line Loading @@ -16,13 +16,13 @@ docker_network: name: esgf - name: Install a provided certificate block: - name: Set paths for the SSL certificate and key set_fact: ssl_certificate_path: /esg/config/proxy/ssl/proxy.crt ssl_private_key_path: /esg/config/proxy/ssl/proxy.key - name: Install a provided certificate block: - name: Install SSL certificate copy: content: "{{ ssl_certificate }}" Loading Loading 
@@ -55,7 +55,7 @@ exposed_ports: - "8080" published_ports: - "80:8080" - "{{ published_port }}:8080" networks: - name: esgf networks_cli_compatible: yes Loading docs/deploy-ansible.md +35 −0 Original line number Diff line number Diff line Loading @@ -333,3 +333,38 @@ And the following should return a JSON response: `http://<index:host_name>/esg-search/search?fields=*&type=File&latest=true&format=application%2Fsolr%2Bjson&limit=10&offset=0` ## Enabling SSL To use SSL, you will need to swap the Nginx template used to configure the proxy container. For an SSL enabled server, it's recommended to specify "443" as the `published_port`. In your host_vars file for your server, add the following: ```yaml nginx_config_template: ssl.proxy.conf.j2 published_port: 443 ``` This proxy configuration will not work by itself, since it requires an SSL certificate and key. Assuming you have a certificate for your server already, this can be specifies in the host vars like this: ```yaml ssl_certificate: | -----BEGIN CERTIFICATE----- ... ssl_private_key: | -----BEGIN RSA PRIVATE KEY----- ... ``` Alternatively, you can also prepare your certificate/key on the target host (e.g. with letsencrypt), and copy them to the following paths: ``` /esg/config/proxy/ssl/proxy.crt /esg/config/proxy/ssl/proxy.key ``` As long as the files are not symlinks, they will be automatically installed to the proxy container. *Note: The SSL certificate or certificate file should contain the complete certificate chain, including intermediate certificates.* Loading
deploy/ansible/host_vars/esgf.data.example.org +18 −0 @@ -18,3 +18,21 @@ ### See: https://github.com/ESGF/esgf-docker/blob/master/docs/deploy-ansible.md#enabling-and-disabling-components ## OPTIONAL: Enabling SSL for the server #nginx_config_template: ssl.proxy.conf.j2 #published_port: 443 #ssl_certificate: | # -----BEGIN CERTIFICATE----- # ... #ssl_private_key: | # -----BEGIN RSA PRIVATE KEY----- # ... ### See: https://github.com/ESGF/esgf-docker/blob/master/docs/deploy-ansible.md#enabling-ssl
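Review bot: The commented `#ssl_private_key: |` example invites pasting a PEM private key into host_vars in clear text, and the surrounding comment says nothing about protecting it. A short comment above the key would cover this, for example `# Do not commit the key in plain text: encrypt this value with ansible-vault`. The same example is added to deploy/ansible/host_vars/esgf.index.example.org and needs the same comment.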
deploy/ansible/host_vars/esgf.index.example.org +17 −0 @@ -18,3 +18,20 @@ ### See: https://github.com/ESGF/esgf-docker/blob/master/docs/deploy-ansible.md#enabling-and-disabling-components ## OPTIONAL: Enabling SSL for the server #nginx_config_template: ssl.proxy.conf.j2 #published_port: 443 #ssl_certificate: | # -----BEGIN CERTIFICATE----- # ... #ssl_private_key: | # -----BEGIN RSA PRIVATE KEY----- # ... ### See: https://github.com/ESGF/esgf-docker/blob/master/docs/deploy-ansible.md#enabling-ssl
deploy/ansible/roles/proxy/defaults/main.yml +1 −0 @@ -28,6 +28,7 @@ image_pull: true # Default Nginx config using only HTTP nginx_config_template: proxy.conf.j2 published_port: 80 # Generates a Diffie-Helmet file for the server if enabled generate_dhparam: false
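Review bot: The new default `published_port: 80` has no comment of its own and sits under `# Default Nginx config using only HTTP`, so a reader has to open tasks/main.yml to learn what it controls. A comment on the line above would fix that, for example `# Host port mapped to the proxy container's port 8080 (use 443 with ssl.proxy.conf.j2)`. Judging by the visible `published_ports` entry in tasks/main.yml, this is the only port the role publishes, so the comment could also say that choosing 443 stops publishing port 80.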
deploy/ansible/roles/proxy/tasks/main.yml +6 −6 @@ -16,13 +16,13 @@ docker_network: name: esgf - name: Install a provided certificate block: - name: Set paths for the SSL certificate and key set_fact: ssl_certificate_path: /esg/config/proxy/ssl/proxy.crt ssl_private_key_path: /esg/config/proxy/ssl/proxy.key - name: Install a provided certificate block: - name: Install SSL certificate copy: content: "{{ ssl_certificate }}" @@ -55,7 +55,7 @@ exposed_ports: - "8080" published_ports: - "80:8080" - "{{ published_port }}:8080" networks: - name: esgf networks_cli_compatible: yes
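Review bot: The file mode and logging of the private-key install cannot be checked in the first hunk, because the "Install a provided certificate" block continues past it and only the `copy` task writing `content: "{{ ssl_certificate }}"` is visible. The task that writes `ssl_private_key` to `ssl_private_key_path` is presumably one of the hidden ones. If it does not already, it should set `mode: "0600"` (or the narrowest mode the proxy container can still read) and `no_log: true`. Without those the key can be left readable by other users on the host, or printed by `--diff` and verbose runs.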
docs/deploy-ansible.md +35 −0 @@ -333,3 +333,38 @@ And the following should return a JSON response: `http://<index:host_name>/esg-search/search?fields=*&type=File&latest=true&format=application%2Fsolr%2Bjson&limit=10&offset=0` ## Enabling SSL To use SSL, you will need to swap the Nginx template used to configure the proxy container. For an SSL enabled server, it's recommended to specify "443" as the `published_port`. In your host_vars file for your server, add the following: ```yaml nginx_config_template: ssl.proxy.conf.j2 published_port: 443 ``` This proxy configuration will not work by itself, since it requires an SSL certificate and key. Assuming you have a certificate for your server already, this can be specifies in the host vars like this: ```yaml ssl_certificate: | -----BEGIN CERTIFICATE----- ... ssl_private_key: | -----BEGIN RSA PRIVATE KEY----- ... ``` Alternatively, you can also prepare your certificate/key on the target host (e.g. with letsencrypt), and copy them to the following paths: ``` /esg/config/proxy/ssl/proxy.crt /esg/config/proxy/ssl/proxy.key ``` As long as the files are not symlinks, they will be automatically installed to the proxy container. *Note: The SSL certificate or certificate file should contain the complete certificate chain, including intermediate certificates.*