Enabling SSL

By default, the Anaconda Server installation does not require the use of SSL/TLS. To enable SSL/TLS after installation, the following steps must be taken:
  1. Edit your docker-compose.yml file.
    1. Find the Services: section near the top of the file. Then, under the nginx_proxy: portion, add the following lines: 
      secrets:
  - source: nginx_key
    target: /etc/nginx/certs/tls.key
  - source: nginx_cert
    target: /etc/nginx/certs/tls.crt
    2. Find the Keycloak: section further down in the file. Then, under the environment: portion, add this line: 
      - PROXY_ADDRESS_FORWARDING=true
  2. Edit your .env file.
    1. Change DOMAIN to new FQDN, if applicable.
    2. Change NGINX_PROXY_PORT to 443.
    3. Change PROTOCOL to https.
  3. Edit your /opt/anaconda/repo/config/nginx/conf.d/repo.conf file.
    1. Near the top of the file, change listen 8080; to listen 8080 ssl;.
    2. Add the following lines after the listen 8080 ssl; line: 
      ssl_certificate     /etc/nginx/certs/tls.crt;
ssl_certificate_key /etc/nginx/certs/tls.key;
ssl_protocols       TLSv1.2 TLSv1.3;
ssl_ciphers         HIGH:!aNULL:!MD5;
  4. Add your certificate and private key, named tls.crt and tls.key, to the following directory: 
    /opt/anaconda/repo/config/nginx/certs
  5. Run the following command from the directory containing docker-compose.yml to apply the changes: 
    docker-compose up -d

Configuring SSL

The following steps will allow you to configure the SSL:
  1. Add or remove the following lines relating to the SSL in <BASE_INSTALL_DIR>/config/nginx/conf.d/repo.conf, where <BASE_INSTALL_DIR> is the installation directory: 
    listen              8080 ssl;

ssl_certificate     /etc/nginx/certs/tls.crt;
ssl_certificate_key /etc/nginx/certs/tls.key;
ssl_protocols       TLSv1.2 TLSv1.3;
ssl_ciphers         HIGH:!aNULL:!MD5;
  2. Add or remove certificates from the following directory: 
    # Replace <BASE_INSTALL_DIR> with your base install directory.
<BASE_INSTALL_DIR>/config/nginx/certs
  3. Run the following command: 
    docker-compose up -d
Refer to nginx’s documentation for the standard SSL configuration procedure.