Merge pull request 'denc-webcluster: allow http(s) publicly' (#24) from import-denc-webcluster-fw into production

Reviewed-on: #24

pillar/cluster/denc/web-proxy.sls

@@ -15,6 +15,7 @@ keepalived:
       smtp_server: {{ mailer }}
       smtp_connect_timeout: 30
       router_id: SSO_FO
+      enable_script_security: true
     vrrp_script:
       check_nginx_port:
         script: '"/usr/bin/curl -kfsSm2 https://[::1]:443"'
@@ -204,3 +205,10 @@ nginx:
             - proxy_busy_buffers_size: 512k
             - error_log: /var/log/nginx/libsso_public.error.log
             - access_log: /var/log/nginx/libsso_public.access.log combined
+
+firewalld:
+  zones:
+    public:
+      services:
+        - http
+        - https