ssl - 在 centOS 7.x 上使用 https 配置的 AWX-Ansible

Question

在 centOS 上克隆 14.1 版后，我使用 docker-compose 安装了 AWX。关注 https://github.com/ansible/awx/blob/devel/INSTALL.md
默认 UI 在端口 80 上启动。
我正在尝试将其配置为 https 可访问。不想在前面使用 NGINX。
我浏览了一些博客，但没有得到太多。我已经创建了自签名证书并在 awx 库存、证书和 key 中进行了配置，启用了端口 443。Docker 显示进程在 80 和 443 处启动，但无法访问 AWX UI。

host_port_ssl=443
ssl_certificate=/opt/awx/certs/cert.pem
ssl_certificate_key=/opt/awx/certs/key.pem
docker_compose_dir="~/.awx/awxcompose"

你能否建议我是否做得正确。

(root@hostname):~/.awx/awxcompose# cat docker-compose.yml
version: '2'
services:

  web:
    image: ansible/awx:14.1.0
    container_name: awx_web
    depends_on:
      - redis
      - postgres
    ports:
      - "443:8053"
      - "80:8052"
    hostname: awxweb
    user: root
    restart: unless-stopped
    volumes:
      - supervisor-socket:/var/run/supervisor
      - rsyslog-socket:/var/run/awx-rsyslog/
      - rsyslog-config:/var/lib/awx/rsyslog/
      - "~/.awx/awxcompose/SECRET_KEY:/etc/tower/SECRET_KEY"
      - "~/.awx/awxcompose/environment.sh:/etc/tower/conf.d/environment.sh"
      - "~/.awx/awxcompose/credentials.py:/etc/tower/conf.d/credentials.py"
      - "~/.awx/awxcompose/nginx.conf:/etc/nginx/nginx.conf:ro"
      - "~/.awx/awxcompose/redis_socket:/var/run/redis/:rw"
      - "/opt/awx/certs/cert.pem:/etc/nginx/awxweb.pem:ro"
      - "/opt/awx/certs/key.pem:/etc/nginx/awxweb_key.pem:ro"
    environment:
      http_proxy:
      https_proxy:
      no_proxy:

  task:
    image: ansible/awx:14.1.0
    container_name: awx_task
    depends_on:
      - redis
      - web
      - postgres
    command: /usr/bin/launch_awx_task.sh
    hostname: awx
    user: root
    restart: unless-stopped
    volumes:
      - supervisor-socket:/var/run/supervisor
      - rsyslog-socket:/var/run/awx-rsyslog/
      - rsyslog-config:/var/lib/awx/rsyslog/
      - "~/.awx/awxcompose/SECRET_KEY:/etc/tower/SECRET_KEY"
      - "~/.awx/awxcompose/environment.sh:/etc/tower/conf.d/environment.sh"
      - "~/.awx/awxcompose/credentials.py:/etc/tower/conf.d/credentials.py"
      - "~/.awx/awxcompose/redis_socket:/var/run/redis/:rw"
      - "/opt/awx/certs/cert.pem:/etc/nginx/awxweb.pem:ro"
    environment:
      http_proxy:
      https_proxy:
      no_proxy:
      SUPERVISOR_WEB_CONFIG_PATH: '/etc/supervisord.conf'

  redis:
    image: redis
    container_name: awx_redis
    restart: unless-stopped
    environment:
      http_proxy:
      https_proxy:
      no_proxy:
    command: ["/usr/local/etc/redis/redis.conf"]
    volumes:
      - "~/.awx/awxcompose/redis.conf:/usr/local/etc/redis/redis.conf:ro"
      - "~/.awx/awxcompose/redis_socket:/var/run/redis/:rw"

  postgres:
    image: postgres:10
    container_name: awx_postgres
    restart: unless-stopped
    volumes:
      - ~/.awx/pgdocker/10/data/:/var/lib/postgresql/data:Z
    environment:
      POSTGRES_USER: awx
      POSTGRES_PASSWORD: awxpass
      POSTGRES_DB: awx
      http_proxy:
      https_proxy:
      no_proxy:


volumes:
  supervisor-socket:
  rsyslog-socket:
  rsyslog-config:


CONTAINER ID        IMAGE                COMMAND                  CREATED             STATUS              PORTS                                         NAMES
81d087f70d27        ansible/awx:14.1.0   "/usr/bin/tini -- ..."   3 minutes ago       Up 3 minutes        8052/tcp                                      awx_task
f77f731efaa2        ansible/awx:14.1.0   "/usr/bin/tini -- ..."   3 minutes ago       Up 3 minutes        0.0.0.0:80->8052/tcp, 0.0.0.0:443->8053/tcp   awx_web
076ad0550300        postgres:10          "docker-entrypoint..."   6 days ago          Up 3 minutes        5432/tcp                                      awx_postgres
287cd57a5895        redis                "docker-entrypoint..."   6 days ago          Up 3 minutes        6379/tcp                                      awx_redis

Answer 1

我遇到了类似的问题，原来是由于我的 SSL key 格式错误。结果，Web 服务器根本没有启动(在 ansible 安装脚本中没有任何错误)。查看 docker logs awx_web | less错误或提示。
它是否在没有 SSL 配置的情况下运行？在我的情况下，注释掉 inventory 中的 SSL 设置并且重新运行安装程序至少会在端口 80 上启动 Web 服务器。