Enable and configure SSL post installation
Because Anaconda Server does not require SSL certificates to operate, you’ll need to perform some additional steps to enable SSL on an existing HTTP-based instance.
Log in to your instance of Anaconda Server as a user with root access.
Open your Anaconda Server installer directory. This directory contains both the
You can find your installer directory by running the ls -la command to view the contents of your current working directory.
# Replace <INSTALLER_DIRECTORY> with your base installer directory
cd <INSTALLER_DIRECTORY>
Services: section near the top of the file. Then, under the
nginx_proxy: portion, add the following lines:
secrets:
  - source: nginx_key
    target: /etc/nginx/certs/tls.key
  - source: nginx_cert
    target: /etc/nginx/certs/tls.crt
Keycloak: section further down in the file. Then, under the
environment: portion, add this line:
DOMAIN to new FQDN, if applicable.
Near the top of the file, change
listen 8080 ssl;.
Add the following lines after the
listen 8080 ssl; line:
ssl_certificate /etc/nginx/certs/tls.crt;
ssl_certificate_key /etc/nginx/certs/tls.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
Here is an example of what your
repo.conf file will look like when correctly configured:
Add your certificate and private key, named
tls.key, to the following directory:
Run the following command from the directory containing
docker-compose.yml to apply the changes:
docker-compose up -d
The following steps will allow you to configure SSL:
Add or remove the following lines relating to SSL in
<BASE_INSTALL_DIR> is the installation directory:
listen 8080 ssl;
ssl_certificate /etc/nginx/certs/tls.crt;
ssl_certificate_key /etc/nginx/certs/tls.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
Add or remove certificates from the following directory:
# Replace <INSTALLER_DIRECTORY> with your base install directory
<INSTALLER_DIRECTORY>/config/nginx/certs
Run the following command:
docker-compose up -d
Refer to nginx’s documentation for the standard SSL configuration procedure.
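A pre-flight check for the nginx directives listed above, written as an added example (not part of the Anaconda documentation or product). It assumes you pass the path to your repo.conf, which this page does not give; the function names check_repo_conf, directive, fail and sample_conf are hypothetical.

```shell
# Added example: lint the TLS directives in repo.conf before restarting nginx.
# Expected values come from this page; function names are hypothetical.
problems=0
fail() { echo "FAIL: $*" >&2; problems=$((problems + 1)); }

# Print the arguments of the first occurrence of a directive, comments stripped.
directive() {  # usage: directive <name> <file>
    sed -e 's/#.*//' "$2" | awk -v d="$1" '
        $1 == d { sub(/^[ \t]*[^ \t]+[ \t]+/, ""); sub(/;[ \t]*$/, ""); print; exit }'
}

# Returns the number of problems found (0 = directives match this page).
check_repo_conf() {  # usage: check_repo_conf <path-to-repo.conf>
    conf=$1; problems=0
    # Without the ssl flag nginx keeps serving plain HTTP on the port.
    case " $(directive listen "$conf") " in
        *" ssl "*) ;;
        *) fail "listen directive has no ssl flag" ;;
    esac
    # Paths must equal the secret targets mounted through docker-compose.yml.
    [ "$(directive ssl_certificate "$conf")" = /etc/nginx/certs/tls.crt ] ||
        fail "ssl_certificate is not /etc/nginx/certs/tls.crt"
    [ "$(directive ssl_certificate_key "$conf")" = /etc/nginx/certs/tls.key ] ||
        fail "ssl_certificate_key is not /etc/nginx/certs/tls.key"
    # Any protocol other than TLSv1.2/TLSv1.3 goes beyond what this page sets.
    protos=$(directive ssl_protocols "$conf")
    [ -n "$protos" ] || fail "ssl_protocols missing, nginx defaults would apply"
    for p in $protos; do
        case $p in
            TLSv1.2|TLSv1.3) ;;
            *) fail "ssl_protocols enables $p" ;;
        esac
    done
    return "$problems"
}

# Constructed sample input, not the repo.conf shipped with the product.
sample_conf() { cat <<'EOF'
server {
    listen 8080 ssl;
    ssl_certificate /etc/nginx/certs/tls.crt;
    ssl_certificate_key /etc/nginx/certs/tls.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
}
EOF
}
tmp=$(mktemp); sample_conf > "$tmp"
check_repo_conf "$tmp" && echo "repo.conf TLS directives OK"; rm -f "$tmp"
```

Run it against your own repo.conf before docker-compose up -d; a non-zero return value is the number of directives that differ from the ones on this page.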
Once your SSL cert and key are in place, you will need to update Keycloak to point to your new root URL and any valid URI redirects to your domain.
Navigate to your Keycloak instance at <FQDN>/auth/admin and log in.
Select Clients from the left-hand navigation.
Select repo-service from the list of available clients.
On the Settings tab, update your root URL and any necessary valid redirect URIs.
HTTPS or updating your
FQDN will alter the file path to your channel’s packages. You must rebuild your channel index to correct the file path. If you do not, you will be unable to successfully download packages after migrating.