0

On the official page, it is said that to host ansible tower behind nginx, you need to provide headers in the /etc/tower/conf.d/remote_host_headers.py file.

But, in my /etc/tower/ folder, there is no conf.d/remote_host_headers.py file.

awx@server:/etc/tower$ tree
.
├── conf.d
│   ├── caching.py
│   ├── celeryd.py
│   ├── ha.py
│   ├── postgres.py
│   └── rabbitmq.py
├── SECRET_KEY
├── settings.py
├── settings.py.20170629122404
├── tower.cert
└── tower.key

How can I host ansible tower via nginx ?

Luv33preet
  • 1,686
  • 7
  • 33
  • 66

1 Answers1

0

I'm not sure why you don't have that file, but I do:

This is it's content:

# HTTP headers and meta keys to search to determine remote host name or IP. Add
# additional items to this list, such as "HTTP_X_FORWARDED_FOR", if behind a
# reverse proxy.
# Note: The headers will be searched in order and the first found remote host
# name or IP will be used.
#
# In the below example 8.8.8.7 would be the chosen IP address.
# X-Forwarded-For: 8.8.8.7, 192.168.2.1, 127.0.0.1
# Host: 127.0.0.1
# REMOTE_HOST_HEADERS = ['HTTP_X_FORWARDED_FOR', 'REMOTE_ADDR', 'REMOTE_HOST']

# This setting is now configured via the Tower API.
# REMOTE_HOST_HEADERS = ['REMOTE_ADDR', 'REMOTE_HOST']

REMOTE_HOST_HEADERS = ['HTTP_X_FORWARDED_FOR', 'REMOTE_ADDR', 'REMOTE_HOST']

This last line is what you want, specifically 'HTTP_X_FORWARDED_FOR' - it tells Tower what IP address is being used beyond your reverse proxy as Tower uses IP Addresses for Session association.

Documentation is here.

Michael

Michael Eaton
  • 1
  • 1