Enabling and configuring SSL

• Enabling SSL
• Configuring SSL

​

Enabling SSL

By default, the Anaconda Team Edition installation does not require the use of SSL/TLS. To enable SSL/TLS after installation, the following steps must be taken:

1. Edit docker-compose.yml

   1. Near the top of the file, uncomment the following lines:

      Copy

      Ask AI

      # secrets:
      # - source: nginx_key
      #   target: /etc/nginx/certs/tls.key
      # - source: nginx_cert
      #   target: /etc/nginx/certs/tls.crt
      

   2. Further down in the file, under the keycloak key, uncomment this line:

      Copy

      Ask AI

      # - PROXY_ADDRESS_FORWARDING=true
      

2. Edit .env file

   1. Change DOMAIN to new FQDN, if applicable.
   2. Change NGINX_PROXY_PORT to 443.
   3. Change PROTOCOL to https

3. Edit /opt/anaconda/repo/config/nginx/conf.d/repo.conf

   1. Near the top of the file, change listen 8080; to listen 8080 ssl;.

   2. Add the following lines after the listen 8080 ssl; line:

      Copy

      Ask AI

      ssl_certificate     /etc/nginx/certs/tls.crt;
      ssl_certificate_key /etc/nginx/certs/tls.key;
      ssl_protocols       TLSv1.2 TLSv1.3;
      ssl_ciphers         HIGH:!aNULL:!MD5;
      

4. Add your certificate and private key, named tls.crt and tls.key, to the following directory:

   Copy

   Ask AI

   /opt/anaconda/repo/config/nginx/certs
   

5. Run the following command from the directory containing docker-compose.yml to apply the changes:

   Copy

   Ask AI

   docker-compose up -d nginx_proxy
   

​

Configuring SSL

The following steps will allow you to configure the SSL:

1. Add or remove the following lines relating to the SSL in <BASE_INSTALL_DIR>/config/nginx/conf.d/repo.conf, where <BASE_INSTALL_DIR> is the installation directory:

   Copy

   Ask AI

   listen              8080 ssl;
   
   ssl_certificate     /etc/nginx/certs/tls.crt;
   ssl_certificate_key /etc/nginx/certs/tls.key;
   ssl_protocols       TLSv1.2 TLSv1.3;
   ssl_ciphers         HIGH:!aNULL:!MD5;
   

2. Add or remove certificates from the following directory:

   Copy

   Ask AI

   # Replace <BASE_INSTALL_DIR> with your base install directory.
   <BASE_INSTALL_DIR>/config/nginx/certs
   

3. Run the following command:

   Copy

   Ask AI

   docker-compose up -d nginx_proxy
   

Refer to nginx’s documentation for the standard SSL configuration procedure.