From 2d5da24ce5d695b3f934ec06c654f7ae754b3fbf Mon Sep 17 00:00:00 2001 From: Georg Pfuetzenreuter Date: Sun, 12 Feb 2023 16:28:19 +0100 Subject: [PATCH] denc-webcluster: nginx AppArmor rules Allow access to client trust certificate and to static content. Signed-off-by: Georg Pfuetzenreuter --- pillar/cluster/denc/web-proxy.sls | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/pillar/cluster/denc/web-proxy.sls b/pillar/cluster/denc/web-proxy.sls index 7b5cebd..7748768 100644 --- a/pillar/cluster/denc/web-proxy.sls +++ b/pillar/cluster/denc/web-proxy.sls @@ -209,3 +209,10 @@ firewalld: services: - http - https + +profile: + apparmor: + local: + usr.sbin.nginx: + - '{{ trustcrt }} r,' + - '/srv/www/{libsso.net,sso.casa,sso.syscid.com}/{index.html,stuff/tacit-css-1.5.2.min.css} r,'