Enabling and configuring SSL¶
Enabling SSL¶
By default, the Anaconda Server installation does not require the use of SSL/TLS. To enable SSL/TLS after installation, the following steps must be taken:
Edit
docker-compose.ymlNear the top of the file, uncomment the following lines:
# secrets: # - source: nginx_key # target: /etc/nginx/certs/tls.key # - source: nginx_cert # target: /etc/nginx/certs/tls.crt
Further down in the file, under the
keycloakkey, uncomment this line:# - PROXY_ADDRESS_FORWARDING=true
Edit
.envfileChange
DOMAINto new FQDN, if applicable.Change
NGINX_PROXY_PORTto443.Change
PROTOCOLtohttps
Edit
/opt/anaconda/repo/config/nginx/conf.d/repo.confNear the top of the file, change
listen 8080;tolisten 8080 ssl;.Add the following lines after the
listen 8080 ssl;line:ssl_certificate /etc/nginx/certs/tls.crt; ssl_certificate_key /etc/nginx/certs/tls.key; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5;
Add your certificate and private key, named
tls.crtandtls.key, to the following directory:/opt/anaconda/repo/config/nginx/certs
Run the following command from the directory containing
docker-compose.ymlto apply the changes:docker-compose up -d nginx_proxy
Configuring SSL¶
The following steps will allow you to configure the SSL:
Add or remove the following lines relating to the SSL in
<BASE_INSTALL_DIR>/config/nginx/conf.d/repo.conf, where<BASE_INSTALL_DIR>is the installation directory:listen 8080 ssl; ssl_certificate /etc/nginx/certs/tls.crt; ssl_certificate_key /etc/nginx/certs/tls.key; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5;
Add or remove certificates from the following directory:
# Replace <BASE_INSTALL_DIR> with your base install directory. <BASE_INSTALL_DIR>/config/nginx/certs
Run the following command:
docker-compose up -d nginx_proxy
Refer to nginx’s documentation for the standard SSL configuration procedure.