diff --git a/images/miq-app-frontend/Dockerfile b/images/miq-app-frontend/Dockerfile index 8d615c0c5..0982fd5a4 100644 --- a/images/miq-app-frontend/Dockerfile +++ b/images/miq-app-frontend/Dockerfile @@ -17,19 +17,12 @@ LABEL name="manageiq" \ description="ManageIQ is a management and automation platform for virtual, private, and hybrid cloud infrastructures." \ io.k8s.display-name="ManageIQ" \ io.k8s.description="ManageIQ is a management and automation platform for virtual, private, and hybrid cloud infrastructures." \ - io.openshift.expose-services="443:https" \ + io.openshift.expose-services="80:http" \ io.openshift.tags="ManageIQ,miq,manageiq" ## Install EPEL repo, yum necessary packages for the build without docs, clean all caches RUN yum -y install centos-release-scl-rh && \ - yum -y install --setopt=tsflags=nodocs \ - httpd \ - mod_auth_kerb \ - mod_authnz_pam \ - mod_intercept_form_submit \ - mod_lookup_identity \ - mod_ssl \ - && \ + yum -y install httpd --setopt=tsflags=nodocs && \ yum clean all ## GIT clone service UI repo (SUI) @@ -37,8 +30,8 @@ RUN mkdir -p ${SUI_ROOT} && \ curl -L https://github.com/ManageIQ/manageiq-ui-service/tarball/${REF} | tar vxz -C ${SUI_ROOT} --strip 1 ## Setup environment -RUN mv /etc/httpd/conf.d/ssl.conf{,.orig} && \ - echo "# This file intentionally left blank. ManageIQ maintains its own SSL configuration" > /etc/httpd/conf.d/ssl.conf +RUN rm -f /etc/httpd/conf.d/ssl.conf && \ + rm -f /etc/httpd/conf.d/manageiq-http*.conf ## Change workdir to application root, build/install gems WORKDIR ${APP_ROOT} @@ -61,9 +54,10 @@ RUN source /etc/default/evm && \ yarn cache clean ## Expose required container ports -EXPOSE 80 443 +EXPOSE 80 COPY docker-assets/check-dependent-services.sh /bin +COPY docker-assets/manageiq-http.conf /etc/httpd/conf.d ENTRYPOINT ["/usr/local/bin/dumb-init", "--single-child", "--"] CMD ["entrypoint"] 
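Review bot: With `mod_ssl` and the four auth modules gone from the `yum install` line, this image's httpd is a plaintext backend that depends on whatever sits in front of it for TLS and, presumably, for external authentication, and nothing in the Dockerfile records that. I would add a comment above the `RUN yum` step, for example `## httpd serves plain HTTP only; TLS is terminated at the route and external auth lives in the separate httpd pod`. If the application accepts identity headers from that proxy, the frontend Service on port 80 should only be reachable from the httpd pods (a NetworkPolicy would do it), and this commit adds no such restriction.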
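Review bot: The new `rm -f /etc/httpd/conf.d/manageiq-http*.conf` glob also matches the `manageiq-http.conf` that the last hunk copies into the same directory, so the image is only correct because the `COPY` runs after this `RUN`. The `## Setup environment` heading does not explain that. A comment such as `## Drop packaged SSL/http vhost configs; the plain-HTTP vhost is copied in at the end of this file` would keep a later reordering from silently deleting the vhost. Where the removed files come from is not visible in this hunk, so the comment should name the package or step that installs them.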
diff --git a/images/miq-app-frontend/docker-assets/manageiq-http.conf b/images/miq-app-frontend/docker-assets/manageiq-http.conf new file mode 100644 index 000000000..0667adcab --- /dev/null +++ b/images/miq-app-frontend/docker-assets/manageiq-http.conf @@ -0,0 +1,28 @@ +## ManageIQ HTTP Virtual Host Context + +# Timeout: The number of seconds before receives and sends time out. +Timeout 120 + +# HTTP Start-up error log +ErrorLog /var/www/miq/vmdb/log/apache/miq_apache.log + +RewriteEngine On +Options SymLinksIfOwnerMatch + + + DocumentRoot /var/www/miq/vmdb/public + Include conf.d/manageiq-redirects-ui + Include conf.d/manageiq-redirects-ws + Include conf.d/manageiq-redirects-websocket + ProxyPreserveHost on + + Header unset ETag + FileETag None + ExpiresActive On + ExpiresDefault "access plus 1 year" + + + ErrorDocument 403 /error/noindex.html + ErrorDocument 404 /error/noindex.html + + diff --git a/images/miq-app/docker-assets/appliance-initialize.sh b/images/miq-app/docker-assets/appliance-initialize.sh index af567c28d..78d0d8e11 100755 --- a/images/miq-app/docker-assets/appliance-initialize.sh +++ b/images/miq-app/docker-assets/appliance-initialize.sh @@ -15,9 +15,6 @@ write_v2_key restore_pv_data -# Generate httpd certificate -/usr/bin/generate_miq_server_cert.sh - cd ${APP_ROOT} bin/rake evm:deployment_status case $? in diff --git a/templates/miq-template-ext-db.yaml b/templates/miq-template-ext-db.yaml index de8f0e59c..eb90dd247 100644 --- a/templates/miq-template-ext-db.yaml +++ b/templates/miq-template-ext-db.yaml @@ -51,10 +51,6 @@ objects: port: 80 protocol: TCP targetPort: 80 - - name: https - port: 443 - protocol: TCP - targetPort: 443 selector: name: "${NAME}" - apiVersion: v1 @@ -64,9 +60,10 @@ objects: spec: host: "${APPLICATION_DOMAIN}" port: - targetPort: https + targetPort: http tls: - termination: passthrough + termination: edge + insecureEdgeTerminationPolicy: Redirect to: kind: Service name: "${HTTPD_SERVICE_NAME}" 
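Review bot: The header comment of this new vhost file does not say that the listener is plaintext-only and relies on the route's edge termination for TLS; a line such as `# Plain HTTP only: TLS is terminated at the OpenShift router, do not expose this port outside the cluster` would make the dependency explicit. The section directives enclosing `DocumentRoot` and the `Header unset ETag` / `ExpiresDefault "access plus 1 year"` group are not visible in this view, so please confirm the one-year expiry is scoped to static assets and not to proxied application responses. Since the browser-facing scheme is now decided at the router, it is also worth checking that the application still learns the original scheme, presumably from the router's forwarded headers, so that cookies keep their `Secure` flag and generated redirects stay on https.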
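Review bot: `termination: edge` in the Route leaves the hop from the router to the httpd pod in clear text, where `passthrough` kept TLS up to the pod, so logins and session cookies now cross the cluster network unencrypted. If that network is not treated as trusted, `termination: reencrypt` with a certificate on the httpd pod keeps the same client-facing behaviour without the plaintext hop; otherwise the trust assumption belongs in the template's description. `insecureEdgeTerminationPolicy: Redirect` is a sensible choice, and adding an HSTS header at the route would keep returning clients from issuing the first request over HTTP. The same Route change is made in templates/miq-template.yaml (hunk `-137,9 +133,10`).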
@@ -114,21 +111,19 @@ objects: image: "${APPLICATION_IMG_NAME}:${FRONTEND_APPLICATION_IMG_TAG}" livenessProbe: tcpSocket: - port: 443 + port: 80 initialDelaySeconds: 480 timeoutSeconds: 3 readinessProbe: httpGet: path: "/" - port: 443 - scheme: HTTPS + port: 80 + scheme: HTTP initialDelaySeconds: 200 timeoutSeconds: 3 ports: - containerPort: 80 protocol: TCP - - containerPort: 443 - protocol: TCP volumeMounts: - name: "${NAME}-server" mountPath: "/persistent" @@ -484,9 +479,6 @@ objects: - name: http port: 80 targetPort: 80 - - name: https - port: 443 - targetPort: 443 selector: name: httpd - apiVersion: v1 @@ -525,23 +517,19 @@ objects: image: "${HTTPD_IMG_NAME}:${HTTPD_IMG_TAG}" ports: - containerPort: 80 - - containerPort: 443 livenessProbe: tcpSocket: - port: 443 + port: 80 initialDelaySeconds: 15 timeoutSeconds: 3 readinessProbe: httpGet: path: "/" - port: 443 - scheme: HTTPS + port: 80 + scheme: HTTP initialDelaySeconds: 10 timeoutSeconds: 3 volumeMounts: [] - env: - - name: MANAGEIQ_SERVICE_NAME - value: "${NAME}" resources: requests: memory: "${HTTPD_MEM_REQ}" diff --git a/templates/miq-template.yaml b/templates/miq-template.yaml index d49a9f8f8..777170896 100644 --- a/templates/miq-template.yaml +++ b/templates/miq-template.yaml @@ -124,10 +124,6 @@ objects: port: 80 protocol: TCP targetPort: 80 - - name: https - port: 443 - protocol: TCP - targetPort: 443 selector: name: "${NAME}" - apiVersion: v1 @@ -137,9 +133,10 @@ objects: spec: host: "${APPLICATION_DOMAIN}" port: - targetPort: https + targetPort: http tls: - termination: passthrough + termination: edge + insecureEdgeTerminationPolicy: Redirect to: kind: Service name: "${HTTPD_SERVICE_NAME}" 
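Review bot: In the httpd container hunk (`-525,23 +517,19`) the `env` block with `MANAGEIQ_SERVICE_NAME` is dropped together with the port changes, and nothing visible here explains why. If the image behind `${HTTPD_IMG_NAME}` still reads that variable to locate its proxy backend, the pod would keep passing the `tcpSocket` liveness check on port 80 while serving errors, so please confirm the image no longer needs it and say so in the commit message. The same removal appears in templates/miq-template.yaml (hunk `-688,23 +680,19`).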
@@ -205,21 +202,19 @@ objects: image: "${APPLICATION_IMG_NAME}:${FRONTEND_APPLICATION_IMG_TAG}" livenessProbe: tcpSocket: - port: 443 + port: 80 initialDelaySeconds: 480 timeoutSeconds: 3 readinessProbe: httpGet: path: "/" - port: 443 - scheme: HTTPS + port: 80 + scheme: HTTP initialDelaySeconds: 200 timeoutSeconds: 3 ports: - containerPort: 80 protocol: TCP - - containerPort: 443 - protocol: TCP volumeMounts: - name: "${NAME}-server" mountPath: "/persistent" @@ -647,9 +642,6 @@ objects: - name: http port: 80 targetPort: 80 - - name: https - port: 443 - targetPort: 443 selector: name: httpd - apiVersion: v1 @@ -688,23 +680,19 @@ objects: image: "${HTTPD_IMG_NAME}:${HTTPD_IMG_TAG}" ports: - containerPort: 80 - - containerPort: 443 livenessProbe: tcpSocket: - port: 443 + port: 80 initialDelaySeconds: 15 timeoutSeconds: 3 readinessProbe: httpGet: path: "/" - port: 443 - scheme: HTTPS + port: 80 + scheme: HTTP initialDelaySeconds: 10 timeoutSeconds: 3 volumeMounts: [] - env: - - name: MANAGEIQ_SERVICE_NAME - value: "${NAME}" resources: requests: memory: "${HTTPD_MEM_REQ}"