Enabling SSL

By default, the Anaconda Server installation does not require the use of SSL/TLS. To enable SSL/TLS after installation, the following steps must be taken:

  1. Edit your docker-compose.yml file.

    1. Find the Services: section near the top of the file. Then, under the nginx_proxy: portion, add the following lines:

      secrets:
  - source: nginx_key
    target: /etc/nginx/certs/tls.key
  - source: nginx_cert
    target: /etc/nginx/certs/tls.crt

    2. Find the Keycloak: section further down in the file. Then, under the environment: portion, add this line:

      - PROXY_ADDRESS_FORWARDING=true

  2. Edit your .env file.

    1. Change DOMAIN to new FQDN, if applicable.
    2. Change NGINX_PROXY_PORT to 443.
    3. Change PROTOCOL to https.

  3. Edit your /opt/anaconda/repo/config/nginx/conf.d/repo.conf file.

    1. Near the top of the file, change listen 8080; to listen 8080 ssl;.

    2. Add the following lines after the listen 8080 ssl; line:

      ssl_certificate     /etc/nginx/certs/tls.crt;
ssl_certificate_key /etc/nginx/certs/tls.key;
ssl_protocols       TLSv1.2 TLSv1.3;
ssl_ciphers         HIGH:!aNULL:!MD5;

  4. Add your certificate and private key, named tls.crt and tls.key, to the following directory:

    /opt/anaconda/repo/config/nginx/certs

  5. Run the following command from the directory containing docker-compose.yml to apply the changes:

    docker-compose up -d

Configuring SSL

The following steps will allow you to configure the SSL:

  1. Add or remove the following lines relating to the SSL in <BASE_INSTALL_DIR>/config/nginx/conf.d/repo.conf, where <BASE_INSTALL_DIR> is the installation directory:

    listen              8080 ssl;

ssl_certificate     /etc/nginx/certs/tls.crt;
ssl_certificate_key /etc/nginx/certs/tls.key;
ssl_protocols       TLSv1.2 TLSv1.3;
ssl_ciphers         HIGH:!aNULL:!MD5;

  2. Add or remove certificates from the following directory:

    # Replace <BASE_INSTALL_DIR> with your base install directory.
<BASE_INSTALL_DIR>/config/nginx/certs

  3. Run the following command:

    docker-compose up -d

Refer to nginx’s documentation for the standard SSL configuration procedure.