authorGeorg Pfuetzenreuter2023-02-12 16:28:19 +0100
committerGeorg Pfuetzenreuter2023-02-12 16:39:49 +0100
commit2d5da24ce5d695b3f934ec06c654f7ae754b3fbf (patch)
treefafacca2b764a7f30013ba5d41e3c841e6f72ea8 /pillar/cluster/denc
parent7e73f6b1a4524c39a4020a7e4a682341e50c6a7b (diff)
denc-webcluster: nginx AppArmor rules
Allow access to client trust certificate and to static content. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
Diffstat (limited to 'pillar/cluster/denc')
-rw-r--r--pillar/cluster/denc/web-proxy.sls7
1 files changed, 7 insertions, 0 deletions
diff --git a/pillar/cluster/denc/web-proxy.sls b/pillar/cluster/denc/web-proxy.sls
index 7b5cebd..7748768 100644
--- a/pillar/cluster/denc/web-proxy.sls
+++ b/pillar/cluster/denc/web-proxy.sls
@@ -209,3 +209,10 @@ firewalld:
services:
- http
- https
+
+profile:
+ apparmor:
+ local:
+ usr.sbin.nginx:
+ - '{{ trustcrt }} r,'
+ - '/srv/www/{libsso.net,sso.casa,sso.syscid.com}/{index.html,stuff/tacit-css-1.5.2.min.css} r,'
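Review bot: The first rule under `usr.sbin.nginx` interpolates `{{ trustcrt }}` directly into an AppArmor path rule, and the variable is defined outside this hunk, so it cannot be confirmed here that it always renders to a single absolute path. An empty value would leave a bare ` r,` rule that the AppArmor parser will presumably reject, and a value containing globs would grant wider read access than intended. A comment above it such as `# trustcrt must render to exactly one absolute file path, no globs` would record that expectation. The second rule pins `tacit-css-1.5.2.min.css` by version, so a stylesheet upgrade will likely be denied by the profile until this line is changed; a note like `# keep in sync with the tacit-css version served from /srv/www/*/stuff/` would make that dependency visible.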