pulp_webserver: Allow one to specify non-standard port

fixes #7662
pulp · Oct 7, 2020 · 3d6b2b3 · 3d6b2b3
1 parent c0e2a81
commit 3d6b2b3
Show file tree

Hide file tree

Showing 6 changed files with 20 additions and 13 deletions.
diff --git a/CHANGES/7662.feature b/CHANGES/7662.feature
@@ -0,0 +1,2 @@
+Allow one to customize webserver ports pulp will be listening on via `pulp_webserver_http_port`
+(defaults to 80) and `pulp_webserver_https_port` (defaults to 443).
diff --git a/roles/pulp_webserver/README.md b/roles/pulp_webserver/README.md
@@ -17,6 +17,8 @@ Role Variables
   'nginx'.
 * `pulp_configure_firewall` Install and configure a firewall. Valid values are 'auto', 'firewalld',
   and 'none'. Defaults to 'auto' (which is the same as 'firewalld', but may change in the future).
+* `pulp_webserver_http_port`: Define the HTTP port to listen on. Defaults to `80`.
+* `pulp_webserver_https_port`: Define the HTTPS port to listen on. Defaults to `443`.
 * `pulp_webserver_disable_https`: Whether or not HTTPS should be disabled. Defaults to `false`.
 * `pulp_webserver_tls_cert`: Relative or absolute path to the TLS (SSL) certificate
    one wants to import.

diff --git a/roles/pulp_webserver/defaults/main.yml b/roles/pulp_webserver/defaults/main.yml
@@ -12,6 +12,9 @@ pulp_webserver_httpd_servername: '{{ ansible_facts.fqdn }}'
 pulp_webserver_static_dir: "{{ pulp_user_home | regex_replace('\\/$', '') }}/pulpcore_static"
 pulp_webserver_tls_files_remote: false
 
+pulp_webserver_http_port: 80
+pulp_webserver_https_port: 443
+
 # To fit nicely with other roles calling pulp_installer.pulp_webserver it is a
 # good idea to handle the case when wrapper call the role with value defined
 # but set to '' - to act as undefined. Without the following the following

diff --git a/roles/pulp_webserver/tasks/firewalld.yml b/roles/pulp_webserver/tasks/firewalld.yml
@@ -12,16 +12,16 @@
         state: started
         enabled: true
 
-    - name: Accept connections on port 80
+    - name: Accept HTTP connections on port {{ pulp_webserver_http_port }}
       firewalld:
-        service: http
+        port: '{{ pulp_webserver_http_port }}/tcp'
         permanent: true
         immediate: true
         state: enabled
 
-    - name: Accept connections on port 443
+    - name: Accept HTTPS connections on port {{ pulp_webserver_https_port }}
       firewalld:
-        service: https
+        port: '{{ pulp_webserver_https_port }}/tcp'
         permanent: true
         immediate: true
         state: enabled

diff --git a/roles/pulp_webserver/templates/nginx.conf.j2 b/roles/pulp_webserver/templates/nginx.conf.j2
@@ -32,11 +32,11 @@ http {
     server {
         # Gunicorn docs suggest the use of the "deferred" directive on Linux.
 {% if pulp_webserver_disable_https | bool %}
-        listen 80 default_server deferred;
-        listen [::]:80 default_server deferred;
+        listen {{ pulp_webserver_http_port }} default_server deferred;
+        listen [::]:{{ pulp_webserver_http_port }} default_server deferred;
 {% else %}
-        listen 443 default_server deferred ssl;
-        listen [::]:443 default_server deferred ssl;
+        listen {{ pulp_webserver_https_port }} default_server deferred ssl;
+        listen [::]:{{ pulp_webserver_https_port }} default_server deferred ssl;
 
         ssl_certificate {{ pulp_certs_dir }}/pulp_webserver.crt;
         ssl_certificate_key {{ pulp_certs_dir }}/pulp_webserver.key;
@@ -120,8 +120,8 @@ http {
 
 {% if not pulp_webserver_disable_https | bool %}
     server {
-        listen 80 default_server;
-        listen [::]:80 default_server;
+        listen {{ pulp_webserver_http_port }} default_server;
+        listen [::]:{{ pulp_webserver_http_port }} default_server;
         server_name _;
         return 301 https://$host$request_uri;
     }

diff --git a/roles/pulp_webserver/templates/pulp-vhost.conf.j2 b/roles/pulp_webserver/templates/pulp-vhost.conf.j2
@@ -2,7 +2,7 @@ Define pulp-content {{ pulp_content_bind }}
 Define pulp-api {{ pulp_api_bind }}
 
 {% if pulp_webserver_disable_https | bool %}
-<VirtualHost *:80>
+<VirtualHost *:{{ pulp_webserver_http_port }}>
   ServerName {{ pulp_webserver_httpd_servername }}
 
   ## Logging
@@ -33,12 +33,12 @@ Define pulp-api {{ pulp_api_bind }}
 
 </VirtualHost>
 {% else %}
-<VirtualHost *:80>
+<VirtualHost *:{{ pulp_webserver_http_port }}>
   ServerName {{ pulp_webserver_httpd_servername }}
   Redirect permanent / https://{{ pulp_webserver_httpd_servername }}/
 </VirtualHost>
 
-<VirtualHost *:443>
+<VirtualHost *:{{ pulp_webserver_https_port }}>
   ServerName {{ pulp_webserver_httpd_servername }}
 
   # static files that can change dynamically, or are needed for TLS