Skip to main content

Enabling SSL

By default, the Anaconda Team Edition installation does not require the use of SSL/TLS. To enable SSL/TLS after installation, the following steps must be taken:
  1. Edit docker-compose.yml
    1. Near the top of the file, uncomment the following lines: 
      # secrets:
# - source: nginx_key
#   target: /etc/nginx/certs/tls.key
# - source: nginx_cert
#   target: /etc/nginx/certs/tls.crt
    2. Further down in the file, under the keycloak key, uncomment this line: 
      # - PROXY_ADDRESS_FORWARDING=true
  2. Edit .env file
    1. Change DOMAIN to new FQDN, if applicable.
    2. Change NGINX_PROXY_PORT to 443.
    3. Change PROTOCOL to https
  3. Edit /opt/anaconda/repo/config/nginx/conf.d/repo.conf
    1. Near the top of the file, change listen 8080; to listen 8080 ssl;.
    2. Add the following lines after the listen 8080 ssl; line: 
      ssl_certificate     /etc/nginx/certs/tls.crt;
ssl_certificate_key /etc/nginx/certs/tls.key;
ssl_protocols       TLSv1.2 TLSv1.3;
ssl_ciphers         HIGH:!aNULL:!MD5;
  4. Add your certificate and private key, named tls.crt and tls.key, to the following directory: 
    /opt/anaconda/repo/config/nginx/certs
  5. Run the following command from the directory containing docker-compose.yml to apply the changes: 
    docker-compose up -d nginx_proxy

Configuring SSL

The following steps will allow you to configure the SSL:
  1. Add or remove the following lines relating to the SSL in <BASE_INSTALL_DIR>/config/nginx/conf.d/repo.conf, where <BASE_INSTALL_DIR> is the installation directory: 
    listen              8080 ssl;

ssl_certificate     /etc/nginx/certs/tls.crt;
ssl_certificate_key /etc/nginx/certs/tls.key;
ssl_protocols       TLSv1.2 TLSv1.3;
ssl_ciphers         HIGH:!aNULL:!MD5;
  2. Add or remove certificates from the following directory: 
    # Replace <BASE_INSTALL_DIR> with your base install directory.
<BASE_INSTALL_DIR>/config/nginx/certs
  3. Run the following command: 
    docker-compose up -d nginx_proxy
Refer to nginx’s documentation for the standard SSL configuration procedure.
I