Using Nginx in front of AWX for SSL

Wednesday, August 8, 2018

I’ve got AWX deployed in production currently. Obviously for production, you need to SSL for authentication. Since AWX doesn’t offer this currently, and I’m not paying $20/month just for a ELB for this, I decided to slap Nginx in front of the containers to proxy SSL. This ended up being a larger pain than I expected because of the websockets. Finally got it figured out and wanted to post my nginx config for anyone else trying to do the same thing.

        location / {
        proxy_pass http://127.0.0.1:8090;
		proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
		proxy_set_header Upgrade $http_upgrade;
    	proxy_set_header Connection "upgrade";
        }

Obviously this is not the entire config, but this is the most important part. If the websockets aren’t working then you will not be able to navigate to certain parts of the site (like the run logs). The part I was missing was the Upgrade and Connection settings. Once I put these in place everything worked as expected.

devopsansibleawxproxynginx

Testing Ansible AWX/Tower roles

Migration to Gitlab and Gitlab Runners