Merge pull request #3847 from tkeemon/tkeemon/fix-edx-notes-ssl

Make edx_notes_api endpoint HTTPS aware

Merge pull request #3847 from tkeemon/tkeemon/fix-edx-notes-ssl
Make edx_notes_api endpoint HTTPS aware
4d9034fa · Fred Smith · GitHub · 896a5a22 · 514604ad · 4d9034fa
Commit 4d9034fa authored May 10, 2017 by Fred Smith Committed by GitHub May 10, 2017
Hide whitespace changes
Inline Side-by-side

Showing with 11 additions and 0 deletions

playbooks/roles/edx_notes_api/defaults/main.yml
+1 -0

playbooks/roles/nginx/templates/edx/app/nginx/sites-available/edx_notes_api.j2
+10 -0

No files found.
--- a/playbooks/roles/edx_notes_api/defaults/main.yml
+++ b/playbooks/roles/edx_notes_api/defaults/main.yml
@@ -105,6 +105,7 @@ edx_notes_api_gunicorn_port: 8120
 edx_notes_api_gunicorn_timeout: 300
 edx_notes_api_wsgi: notesserver.wsgi:application
 edx_notes_api_nginx_port: 18120
+edx_notes_api_ssl_nginx_port: 48120
 edx_notes_api_manage: "{{ edx_notes_api_code_dir }}/manage.py" 
 edx_notes_api_requirements_base: "{{ edx_notes_api_code_dir }}/requirements"
 # Application python requirements

--- a/playbooks/roles/nginx/templates/edx/app/nginx/sites-available/edx_notes_api.j2
+++ b/playbooks/roles/nginx/templates/edx/app/nginx/sites-available/edx_notes_api.j2
@@ -7,6 +7,16 @@ upstream {{ edx_notes_api_service_name }}_app_server {
 server {
  listen {{ edx_notes_api_nginx_port }} default_server;

+  {% if NGINX_ENABLE_SSL %}
+
+  listen {{ edx_notes_api_ssl_nginx_port }} ssl;
+
+  ssl_certificate /etc/ssl/certs/{{ NGINX_SSL_CERTIFICATE|basename }};
+  ssl_certificate_key /etc/ssl/private/{{ NGINX_SSL_KEY|basename }};
+  # request the browser to use SSL for all connections
+  add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
+  {% endif %}
+
  {% include "common-settings.j2" %}

  # Prevent invalid display courseware in IE 10+ with high privacy settings