denc-webcluster: nginx AppArmor rules

Allow access to client trust certificate and to static content. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
author: Georg Pfuetzenreuter 2023-02-12 16:28:19 +0100
committer: Georg Pfuetzenreuter 2023-02-12 16:39:49 +0100
commit: 2d5da24ce5d695b3f934ec06c654f7ae754b3fbf (patch)
tree: fafacca2b764a7f30013ba5d41e3c841e6f72ea8 /pillar/cluster/denc/web-proxy.sls
parent: 7e73f6b1a4524c39a4020a7e4a682341e50c6a7b (diff)
download: salt-2d5da24ce5d695b3f934ec06c654f7ae754b3fbf.tar.gz
salt-2d5da24ce5d695b3f934ec06c654f7ae754b3fbf.tar.bz2
salt-2d5da24ce5d695b3f934ec06c654f7ae754b3fbf.zip
1 files changed, 7 insertions, 0 deletions
diff --git a/pillar/cluster/denc/web-proxy.sls b/pillar/cluster/denc/web-proxy.sls
index 7b5cebd..7748768 100644
--- a/pillar/cluster/denc/web-proxy.sls
+++ b/pillar/cluster/denc/web-proxy.sls
@@ -209,3 +209,10 @@ firewalld:
       services:
         - http
         - https
+
+profile:
+  apparmor:
+    local:
+      usr.sbin.nginx:
+        - '{{ trustcrt }} r,'
+        - '/srv/www/{libsso.net,sso.casa,sso.syscid.com}/{index.html,stuff/tacit-css-1.5.2.min.css} r,'
author	Georg Pfuetzenreuter	2023-02-12 16:28:19 +0100
committer	Georg Pfuetzenreuter	2023-02-12 16:39:49 +0100
commit	2d5da24ce5d695b3f934ec06c654f7ae754b3fbf (patch)
tree	fafacca2b764a7f30013ba5d41e3c841e6f72ea8 /pillar/cluster/denc/web-proxy.sls
parent	7e73f6b1a4524c39a4020a7e4a682341e50c6a7b (diff)
download	salt-2d5da24ce5d695b3f934ec06c654f7ae754b3fbf.tar.gz salt-2d5da24ce5d695b3f934ec06c654f7ae754b3fbf.tar.bz2 salt-2d5da24ce5d695b3f934ec06c654f7ae754b3fbf.zip