summaryrefslogtreecommitdiffstats
path: root/pillar/cluster/denc
diff options
context:
space:
mode:
authorGeorg Pfuetzenreuter2023-02-12 14:44:20 +0100
committerGeorg Pfuetzenreuter2023-02-12 14:44:20 +0100
commit5fdbdc7462d1bcba21302c52f173f8ff73b9c921 (patch)
tree46ffac55296534d950187c8e2c4180b8980bab38 /pillar/cluster/denc
parent8c21d250c3ab707221265015a9c973833e3423bb (diff)
parent533aedd864fce377ee4cc543bad5edcf4ef6acf3 (diff)
downloadsalt-5fdbdc7462d1bcba21302c52f173f8ff73b9c921.tar.gz
salt-5fdbdc7462d1bcba21302c52f173f8ff73b9c921.tar.bz2
salt-5fdbdc7462d1bcba21302c52f173f8ff73b9c921.zip
Merge pull request 'denc-webcluster: allow http(s) publicly' (#24) from import-denc-webcluster-fw into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/24
Diffstat (limited to 'pillar/cluster/denc')
-rw-r--r--pillar/cluster/denc/web-proxy.sls8
1 files changed, 8 insertions, 0 deletions
diff --git a/pillar/cluster/denc/web-proxy.sls b/pillar/cluster/denc/web-proxy.sls
index 923369e..2e8859d 100644
--- a/pillar/cluster/denc/web-proxy.sls
+++ b/pillar/cluster/denc/web-proxy.sls
@@ -15,6 +15,7 @@ keepalived:
smtp_server: {{ mailer }}
smtp_connect_timeout: 30
router_id: SSO_FO
+ enable_script_security: true
vrrp_script:
check_nginx_port:
script: '"/usr/bin/curl -kfsSm2 https://[::1]:443"'
@@ -204,3 +205,10 @@ nginx:
- proxy_busy_buffers_size: 512k
- error_log: /var/log/nginx/libsso_public.error.log
- access_log: /var/log/nginx/libsso_public.access.log combined
+
+firewalld:
+ zones:
+ public:
+ services:
+ - http
+ - https