mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2025-12-08 18:22:47 +01:00
[fix][feat] Move navigator entries to static files + fix indent
This commit is contained in:
William Wernert
@@ -14,318 +14,312 @@ pid /run/nginx.pid;
|
|||||||
include /usr/share/nginx/modules/*.conf;
|
include /usr/share/nginx/modules/*.conf;
|
||||||
|
|
||||||
events {
|
events {
|
||||||
worker_connections 1024;
|
worker_connections 1024;
|
||||||
}
|
}
|
||||||
|
|
||||||
http {
|
http {
|
||||||
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
||||||
'$status $body_bytes_sent "$http_referer" '
|
'$status $body_bytes_sent "$http_referer" '
|
||||||
'"$http_user_agent" "$http_x_forwarded_for"';
|
'"$http_user_agent" "$http_x_forwarded_for"';
|
||||||
|
|
||||||
access_log /var/log/nginx/access.log main;
|
access_log /var/log/nginx/access.log main;
|
||||||
|
|
||||||
sendfile on;
|
sendfile on;
|
||||||
tcp_nopush on;
|
tcp_nopush on;
|
||||||
tcp_nodelay on;
|
tcp_nodelay on;
|
||||||
keepalive_timeout 65;
|
keepalive_timeout 65;
|
||||||
types_hash_max_size 2048;
|
types_hash_max_size 2048;
|
||||||
client_max_body_size 1024M;
|
client_max_body_size 1024M;
|
||||||
|
|
||||||
include /etc/nginx/mime.types;
|
include /etc/nginx/mime.types;
|
||||||
default_type application/octet-stream;
|
default_type application/octet-stream;
|
||||||
|
|
||||||
# Load modular configuration files from the /etc/nginx/conf.d directory.
|
# Load modular configuration files from the /etc/nginx/conf.d directory.
|
||||||
# See http://nginx.org/en/docs/ngx_core_module.html#include
|
# See http://nginx.org/en/docs/ngx_core_module.html#include
|
||||||
# for more information.
|
# for more information.
|
||||||
include /etc/nginx/conf.d/*.conf;
|
include /etc/nginx/conf.d/*.conf;
|
||||||
|
|
||||||
#server {
|
#server {
|
||||||
# listen 80 default_server;
|
# listen 80 default_server;
|
||||||
# listen [::]:80 default_server;
|
# listen [::]:80 default_server;
|
||||||
# server_name _;
|
# server_name _;
|
||||||
# root /opt/socore/html;
|
# root /opt/socore/html;
|
||||||
# index index.html;
|
# index index.html;
|
||||||
|
|
||||||
# Load configuration files for the default server block.
|
# Load configuration files for the default server block.
|
||||||
#include /etc/nginx/default.d/*.conf;
|
#include /etc/nginx/default.d/*.conf;
|
||||||
|
|
||||||
# location / {
|
# location / {
|
||||||
# }
|
# }
|
||||||
|
|
||||||
# error_page 404 /404.html;
|
# error_page 404 /404.html;
|
||||||
# location = /40x.html {
|
# location = /40x.html {
|
||||||
# }
|
# }
|
||||||
|
|
||||||
# error_page 500 502 503 504 /50x.html;
|
# error_page 500 502 503 504 /50x.html;
|
||||||
# location = /50x.html {
|
# location = /50x.html {
|
||||||
# }
|
# }
|
||||||
#}
|
#}
|
||||||
server {
|
server {
|
||||||
listen 80 default_server;
|
listen 80 default_server;
|
||||||
server_name _;
|
server_name _;
|
||||||
return 301 https://$host$request_uri;
|
return 301 https://$host$request_uri;
|
||||||
}
|
}
|
||||||
|
|
||||||
{% if FLEET_MASTER %}
|
{% if FLEET_MASTER %}
|
||||||
server {
|
server {
|
||||||
listen 8090 ssl http2 default_server;
|
listen 8090 ssl http2 default_server;
|
||||||
server_name _;
|
server_name _;
|
||||||
root /opt/socore/html;
|
root /opt/socore/html;
|
||||||
index blank.html;
|
index blank.html;
|
||||||
|
|
||||||
ssl_certificate "/etc/pki/nginx/server.crt";
|
ssl_certificate "/etc/pki/nginx/server.crt";
|
||||||
ssl_certificate_key "/etc/pki/nginx/server.key";
|
ssl_certificate_key "/etc/pki/nginx/server.key";
|
||||||
ssl_session_cache shared:SSL:1m;
|
ssl_session_cache shared:SSL:1m;
|
||||||
ssl_session_timeout 10m;
|
ssl_session_timeout 10m;
|
||||||
ssl_ciphers HIGH:!aNULL:!MD5;
|
ssl_ciphers HIGH:!aNULL:!MD5;
|
||||||
ssl_prefer_server_ciphers on;
|
ssl_prefer_server_ciphers on;
|
||||||
|
|
||||||
location ~ ^/kolide.agent.Api/(RequestEnrollment|RequestConfig|RequestQueries|PublishLogs|PublishResults|CheckHealth)$ {
|
location ~ ^/kolide.agent.Api/(RequestEnrollment|RequestConfig|RequestQueries|PublishLogs|PublishResults|CheckHealth)$ {
|
||||||
grpc_pass grpcs://{{ masterip }}:8080;
|
grpc_pass grpcs://{{ masterip }}:8080;
|
||||||
grpc_set_header Host $host;
|
grpc_set_header Host $host;
|
||||||
grpc_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
grpc_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
proxy_buffering off;
|
proxy_buffering off;
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
# Settings for a TLS enabled server.
|
# Settings for a TLS enabled server.
|
||||||
|
|
||||||
server {
|
server {
|
||||||
listen 443 ssl http2 default_server;
|
listen 443 ssl http2 default_server;
|
||||||
#listen [::]:443 ssl http2 default_server;
|
#listen [::]:443 ssl http2 default_server;
|
||||||
server_name _;
|
server_name _;
|
||||||
root /opt/socore/html;
|
root /opt/socore/html;
|
||||||
index index.html;
|
index index.html;
|
||||||
|
|
||||||
ssl_certificate "/etc/pki/nginx/server.crt";
|
ssl_certificate "/etc/pki/nginx/server.crt";
|
||||||
ssl_certificate_key "/etc/pki/nginx/server.key";
|
ssl_certificate_key "/etc/pki/nginx/server.key";
|
||||||
ssl_session_cache shared:SSL:1m;
|
ssl_session_cache shared:SSL:1m;
|
||||||
ssl_session_timeout 10m;
|
ssl_session_timeout 10m;
|
||||||
ssl_ciphers HIGH:!aNULL:!MD5;
|
ssl_ciphers HIGH:!aNULL:!MD5;
|
||||||
ssl_prefer_server_ciphers on;
|
ssl_prefer_server_ciphers on;
|
||||||
|
|
||||||
# Load configuration files for the default server block.
|
# Load configuration files for the default server block.
|
||||||
#include /etc/nginx/default.d/*.conf;
|
#include /etc/nginx/default.d/*.conf;
|
||||||
|
|
||||||
location ~* (^/login/|^/js/.*|^/css/.*|^/images/.*) {
|
location ~* (^/login/|^/js/.*|^/css/.*|^/images/.*) {
|
||||||
proxy_pass http://{{ masterip }}:9822;
|
proxy_pass http://{{ masterip }}:9822;
|
||||||
proxy_read_timeout 90;
|
proxy_read_timeout 90;
|
||||||
proxy_connect_timeout 90;
|
proxy_connect_timeout 90;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
proxy_set_header Proxy "";
|
proxy_set_header Proxy "";
|
||||||
proxy_set_header Upgrade $http_upgrade;
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
proxy_set_header Connection "Upgrade";
|
proxy_set_header Connection "Upgrade";
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
}
|
}
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
auth_request /auth/sessions/whoami;
|
auth_request /auth/sessions/whoami;
|
||||||
proxy_pass http://{{ masterip }}:9822/;
|
proxy_pass http://{{ masterip }}:9822/;
|
||||||
proxy_read_timeout 90;
|
proxy_read_timeout 90;
|
||||||
proxy_connect_timeout 90;
|
proxy_connect_timeout 90;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
proxy_set_header Proxy "";
|
proxy_set_header Proxy "";
|
||||||
proxy_set_header Upgrade $http_upgrade;
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
proxy_set_header Connection "Upgrade";
|
proxy_set_header Connection "Upgrade";
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
}
|
}
|
||||||
|
|
||||||
location ~ ^/auth/.*?(whoami|login|logout|settings) {
|
location ~ ^/auth/.*?(whoami|login|logout|settings) {
|
||||||
rewrite /auth/(.*) /$1 break;
|
rewrite /auth/(.*) /$1 break;
|
||||||
proxy_pass http://{{ masterip }}:4433;
|
proxy_pass http://{{ masterip }}:4433;
|
||||||
proxy_read_timeout 90;
|
proxy_read_timeout 90;
|
||||||
proxy_connect_timeout 90;
|
proxy_connect_timeout 90;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
proxy_set_header Proxy "";
|
proxy_set_header Proxy "";
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
}
|
}
|
||||||
|
|
||||||
location /cyberchef/ {
|
location /cyberchef/ {
|
||||||
auth_request /auth/sessions/whoami;
|
auth_request /auth/sessions/whoami;
|
||||||
proxy_read_timeout 90;
|
proxy_read_timeout 90;
|
||||||
proxy_connect_timeout 90;
|
proxy_connect_timeout 90;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
proxy_set_header Proxy "";
|
proxy_set_header Proxy "";
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
}
|
}
|
||||||
|
|
||||||
location /cyberchef {
|
location /navigator/ {
|
||||||
rewrite ^ /cyberchef/ permanent;
|
auth_request /auth/sessions/whoami;
|
||||||
}
|
proxy_read_timeout 90;
|
||||||
|
proxy_connect_timeout 90;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header Proxy "";
|
||||||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
}
|
||||||
|
|
||||||
location /packages/ {
|
location /packages/ {
|
||||||
try_files $uri =206;
|
try_files $uri =206;
|
||||||
auth_request /auth/sessions/whoami;
|
auth_request /auth/sessions/whoami;
|
||||||
proxy_read_timeout 90;
|
proxy_read_timeout 90;
|
||||||
proxy_connect_timeout 90;
|
proxy_connect_timeout 90;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
proxy_set_header Proxy "";
|
proxy_set_header Proxy "";
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
}
|
}
|
||||||
|
|
||||||
location /grafana/ {
|
location /grafana/ {
|
||||||
rewrite /grafana/(.*) /$1 break;
|
rewrite /grafana/(.*) /$1 break;
|
||||||
proxy_pass http://{{ masterip }}:3000/;
|
proxy_pass http://{{ masterip }}:3000/;
|
||||||
proxy_read_timeout 90;
|
proxy_read_timeout 90;
|
||||||
proxy_connect_timeout 90;
|
proxy_connect_timeout 90;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
proxy_set_header Proxy "";
|
proxy_set_header Proxy "";
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
}
|
}
|
||||||
|
|
||||||
location /kibana/ {
|
location /kibana/ {
|
||||||
auth_request /auth/sessions/whoami;
|
auth_request /auth/sessions/whoami;
|
||||||
rewrite /kibana/(.*) /$1 break;
|
rewrite /kibana/(.*) /$1 break;
|
||||||
proxy_pass http://{{ masterip }}:5601/;
|
proxy_pass http://{{ masterip }}:5601/;
|
||||||
proxy_read_timeout 90;
|
proxy_read_timeout 90;
|
||||||
proxy_connect_timeout 90;
|
proxy_connect_timeout 90;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
proxy_set_header Proxy "";
|
proxy_set_header Proxy "";
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
}
|
}
|
||||||
|
|
||||||
location /nodered/ {
|
location /nodered/ {
|
||||||
proxy_pass http://{{ masterip }}:1880/;
|
proxy_pass http://{{ masterip }}:1880/;
|
||||||
proxy_read_timeout 90;
|
proxy_read_timeout 90;
|
||||||
proxy_connect_timeout 90;
|
proxy_connect_timeout 90;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
proxy_set_header Upgrade $http_upgrade;
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
proxy_set_header Connection "Upgrade";
|
proxy_set_header Connection "Upgrade";
|
||||||
proxy_set_header Proxy "";
|
proxy_set_header Proxy "";
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
}
|
}
|
||||||
|
|
||||||
location /playbook/ {
|
location /playbook/ {
|
||||||
proxy_pass http://{{ masterip }}:3200/playbook/;
|
proxy_pass http://{{ masterip }}:3200/playbook/;
|
||||||
proxy_read_timeout 90;
|
proxy_read_timeout 90;
|
||||||
proxy_connect_timeout 90;
|
proxy_connect_timeout 90;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
proxy_set_header Proxy "";
|
proxy_set_header Proxy "";
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
{%- if FLEET_NODE %}
|
||||||
|
location /fleet/ {
|
||||||
|
return 301 https://{{ FLEET_IP }}/fleet;
|
||||||
|
}
|
||||||
|
{%- else %}
|
||||||
|
location /fleet/ {
|
||||||
|
proxy_pass https://{{ masterip }}:8080;
|
||||||
|
proxy_read_timeout 90;
|
||||||
|
proxy_connect_timeout 90;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header Proxy "";
|
||||||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
}
|
||||||
|
{%- endif %}
|
||||||
|
|
||||||
location /navigator/ {
|
location /thehive/ {
|
||||||
auth_request /auth/sessions/whoami;
|
proxy_pass http://{{ masterip }}:9000/thehive/;
|
||||||
proxy_pass http://{{ masterip }}:4200/navigator/;
|
proxy_read_timeout 90;
|
||||||
proxy_read_timeout 90;
|
proxy_connect_timeout 90;
|
||||||
proxy_connect_timeout 90;
|
proxy_http_version 1.1; # this is essential for chunked responses to work
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
proxy_set_header Proxy "";
|
proxy_set_header Proxy "";
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
}
|
}
|
||||||
|
|
||||||
{%- if FLEET_NODE %}
|
location /cortex/ {
|
||||||
location /fleet/ {
|
proxy_pass http://{{ masterip }}:9001/cortex/;
|
||||||
return 301 https://{{ FLEET_IP }}/fleet;
|
proxy_read_timeout 90;
|
||||||
}
|
proxy_connect_timeout 90;
|
||||||
{%- else %}
|
proxy_http_version 1.1; # this is essential for chunked responses to work
|
||||||
location /fleet/ {
|
proxy_set_header Host $host;
|
||||||
proxy_pass https://{{ masterip }}:8080;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_read_timeout 90;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
proxy_connect_timeout 90;
|
proxy_set_header Proxy "";
|
||||||
proxy_set_header Host $host;
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
}
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
||||||
proxy_set_header Proxy "";
|
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
|
||||||
}
|
|
||||||
{%- endif %}
|
|
||||||
|
|
||||||
location /thehive/ {
|
location /soctopus/ {
|
||||||
proxy_pass http://{{ masterip }}:9000/thehive/;
|
proxy_pass http://{{ masterip }}:7000/;
|
||||||
proxy_read_timeout 90;
|
proxy_read_timeout 90;
|
||||||
proxy_connect_timeout 90;
|
proxy_connect_timeout 90;
|
||||||
proxy_http_version 1.1; # this is essential for chunked responses to work
|
proxy_set_header Host $host;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header Proxy "";
|
||||||
proxy_set_header Proxy "";
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
}
|
||||||
}
|
|
||||||
|
|
||||||
location /cortex/ {
|
location /kibana/app/soc/ {
|
||||||
proxy_pass http://{{ masterip }}:9001/cortex/;
|
rewrite ^/kibana/app/soc/(.*) /soc/$1 permanent;
|
||||||
proxy_read_timeout 90;
|
}
|
||||||
proxy_connect_timeout 90;
|
|
||||||
proxy_http_version 1.1; # this is essential for chunked responses to work
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
||||||
proxy_set_header Proxy "";
|
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
|
||||||
}
|
|
||||||
|
|
||||||
location /soctopus/ {
|
location /kibana/app/fleet/ {
|
||||||
proxy_pass http://{{ masterip }}:7000/;
|
rewrite ^/kibana/app/fleet/(.*) /fleet/$1 permanent;
|
||||||
proxy_read_timeout 90;
|
}
|
||||||
proxy_connect_timeout 90;
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
||||||
proxy_set_header Proxy "";
|
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
|
||||||
}
|
|
||||||
|
|
||||||
location /kibana/app/soc/ {
|
location /kibana/app/soctopus/ {
|
||||||
rewrite ^/kibana/app/soc/(.*) /soc/$1 permanent;
|
rewrite ^/kibana/app/soctopus/(.*) /soctopus/$1 permanent;
|
||||||
}
|
}
|
||||||
|
|
||||||
location /kibana/app/fleet/ {
|
location /sensoroniagents/ {
|
||||||
rewrite ^/kibana/app/fleet/(.*) /fleet/$1 permanent;
|
proxy_pass http://{{ masterip }}:9822/;
|
||||||
}
|
proxy_read_timeout 90;
|
||||||
|
proxy_connect_timeout 90;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header Proxy "";
|
||||||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
}
|
||||||
|
|
||||||
location /kibana/app/soctopus/ {
|
error_page 401 = @error401;
|
||||||
rewrite ^/kibana/app/soctopus/(.*) /soctopus/$1 permanent;
|
|
||||||
}
|
|
||||||
|
|
||||||
location /sensoroniagents/ {
|
location @error401 {
|
||||||
proxy_pass http://{{ masterip }}:9822/;
|
add_header Set-Cookie "AUTH_REDIRECT=$request_uri;Path=/;Max-Age=14400";
|
||||||
proxy_read_timeout 90;
|
return 302 /auth/self-service/browser/flows/login;
|
||||||
proxy_connect_timeout 90;
|
}
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
||||||
proxy_set_header Proxy "";
|
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
|
||||||
}
|
|
||||||
|
|
||||||
error_page 401 = @error401;
|
#error_page 404 /404.html;
|
||||||
|
# location = /usr/share/nginx/html/40x.html {
|
||||||
|
#}
|
||||||
|
|
||||||
location @error401 {
|
error_page 500 502 503 504 /50x.html;
|
||||||
add_header Set-Cookie "AUTH_REDIRECT=$request_uri;Path=/;Max-Age=14400";
|
location = /usr/share/nginx/html/50x.html {
|
||||||
return 302 /auth/self-service/browser/flows/login;
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
#error_page 404 /404.html;
|
|
||||||
# location = /usr/share/nginx/html/40x.html {
|
|
||||||
#}
|
|
||||||
|
|
||||||
error_page 500 502 503 504 /50x.html;
|
|
||||||
location = /usr/share/nginx/html/50x.html {
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -14,87 +14,87 @@ pid /run/nginx.pid;
|
|||||||
include /usr/share/nginx/modules/*.conf;
|
include /usr/share/nginx/modules/*.conf;
|
||||||
|
|
||||||
events {
|
events {
|
||||||
worker_connections 1024;
|
worker_connections 1024;
|
||||||
}
|
}
|
||||||
|
|
||||||
http {
|
http {
|
||||||
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
||||||
'$status $body_bytes_sent "$http_referer" '
|
'$status $body_bytes_sent "$http_referer" '
|
||||||
'"$http_user_agent" "$http_x_forwarded_for"';
|
'"$http_user_agent" "$http_x_forwarded_for"';
|
||||||
|
|
||||||
access_log /var/log/nginx/access.log main;
|
access_log /var/log/nginx/access.log main;
|
||||||
|
|
||||||
sendfile on;
|
sendfile on;
|
||||||
tcp_nopush on;
|
tcp_nopush on;
|
||||||
tcp_nodelay on;
|
tcp_nodelay on;
|
||||||
keepalive_timeout 65;
|
keepalive_timeout 65;
|
||||||
types_hash_max_size 2048;
|
types_hash_max_size 2048;
|
||||||
|
|
||||||
include /etc/nginx/mime.types;
|
include /etc/nginx/mime.types;
|
||||||
default_type application/octet-stream;
|
default_type application/octet-stream;
|
||||||
|
|
||||||
include /etc/nginx/conf.d/*.conf;
|
include /etc/nginx/conf.d/*.conf;
|
||||||
|
|
||||||
server {
|
server {
|
||||||
listen 80 default_server;
|
listen 80 default_server;
|
||||||
server_name _;
|
server_name _;
|
||||||
return 301 https://$host$request_uri;
|
return 301 https://$host$request_uri;
|
||||||
}
|
}
|
||||||
|
|
||||||
server {
|
server {
|
||||||
listen 8090 ssl http2 default_server;
|
listen 8090 ssl http2 default_server;
|
||||||
server_name _;
|
server_name _;
|
||||||
root /opt/socore/html;
|
root /opt/socore/html;
|
||||||
index blank.html;
|
index blank.html;
|
||||||
|
|
||||||
ssl_certificate "/etc/pki/nginx/server.crt";
|
ssl_certificate "/etc/pki/nginx/server.crt";
|
||||||
ssl_certificate_key "/etc/pki/nginx/server.key";
|
ssl_certificate_key "/etc/pki/nginx/server.key";
|
||||||
ssl_session_cache shared:SSL:1m;
|
ssl_session_cache shared:SSL:1m;
|
||||||
ssl_session_timeout 10m;
|
ssl_session_timeout 10m;
|
||||||
ssl_ciphers HIGH:!aNULL:!MD5;
|
ssl_ciphers HIGH:!aNULL:!MD5;
|
||||||
ssl_prefer_server_ciphers on;
|
ssl_prefer_server_ciphers on;
|
||||||
|
|
||||||
location ~ ^/kolide.agent.Api/(RequestEnrollment|RequestConfig|RequestQueries|PublishLogs|PublishResults|CheckHealth)$ {
|
location ~ ^/kolide.agent.Api/(RequestEnrollment|RequestConfig|RequestQueries|PublishLogs|PublishResults|CheckHealth)$ {
|
||||||
grpc_pass grpcs://{{ MAINIP }}:8080;
|
grpc_pass grpcs://{{ MAINIP }}:8080;
|
||||||
grpc_set_header Host $host;
|
grpc_set_header Host $host;
|
||||||
grpc_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
grpc_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
proxy_buffering off;
|
proxy_buffering off;
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
server {
|
server {
|
||||||
listen 443 ssl http2 default_server;
|
listen 443 ssl http2 default_server;
|
||||||
server_name _;
|
server_name _;
|
||||||
root /opt/socore/html/packages;
|
root /opt/socore/html/packages;
|
||||||
index index.html;
|
index index.html;
|
||||||
|
|
||||||
ssl_certificate "/etc/pki/nginx/server.crt";
|
ssl_certificate "/etc/pki/nginx/server.crt";
|
||||||
ssl_certificate_key "/etc/pki/nginx/server.key";
|
ssl_certificate_key "/etc/pki/nginx/server.key";
|
||||||
ssl_session_cache shared:SSL:1m;
|
ssl_session_cache shared:SSL:1m;
|
||||||
ssl_session_timeout 10m;
|
ssl_session_timeout 10m;
|
||||||
ssl_ciphers HIGH:!aNULL:!MD5;
|
ssl_ciphers HIGH:!aNULL:!MD5;
|
||||||
ssl_prefer_server_ciphers on;
|
ssl_prefer_server_ciphers on;
|
||||||
|
|
||||||
location /fleet/ {
|
location /fleet/ {
|
||||||
proxy_pass https://{{ MAINIP }}:8080;
|
proxy_pass https://{{ MAINIP }}:8080;
|
||||||
proxy_read_timeout 90;
|
proxy_read_timeout 90;
|
||||||
proxy_connect_timeout 90;
|
proxy_connect_timeout 90;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
proxy_set_header Proxy "";
|
proxy_set_header Proxy "";
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
}
|
}
|
||||||
|
|
||||||
#error_page 404 /404.html;
|
#error_page 404 /404.html;
|
||||||
# location = /40x.html {
|
# location = /40x.html {
|
||||||
#}
|
#}
|
||||||
|
|
||||||
error_page 500 502 503 504 /50x.html;
|
error_page 500 502 503 504 /50x.html;
|
||||||
location = /usr/share/nginx/html/50x.html {
|
location = /usr/share/nginx/html/50x.html {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -11,50 +11,50 @@ pid /run/nginx.pid;
|
|||||||
include /usr/share/nginx/modules/*.conf;
|
include /usr/share/nginx/modules/*.conf;
|
||||||
|
|
||||||
events {
|
events {
|
||||||
worker_connections 1024;
|
worker_connections 1024;
|
||||||
}
|
}
|
||||||
|
|
||||||
http {
|
http {
|
||||||
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
||||||
'$status $body_bytes_sent "$http_referer" '
|
'$status $body_bytes_sent "$http_referer" '
|
||||||
'"$http_user_agent" "$http_x_forwarded_for"';
|
'"$http_user_agent" "$http_x_forwarded_for"';
|
||||||
|
|
||||||
access_log /var/log/nginx/access.log main;
|
access_log /var/log/nginx/access.log main;
|
||||||
|
|
||||||
sendfile on;
|
sendfile on;
|
||||||
tcp_nopush on;
|
tcp_nopush on;
|
||||||
tcp_nodelay on;
|
tcp_nodelay on;
|
||||||
keepalive_timeout 65;
|
keepalive_timeout 65;
|
||||||
types_hash_max_size 2048;
|
types_hash_max_size 2048;
|
||||||
|
|
||||||
include /etc/nginx/mime.types;
|
include /etc/nginx/mime.types;
|
||||||
default_type application/octet-stream;
|
default_type application/octet-stream;
|
||||||
|
|
||||||
# Load modular configuration files from the /etc/nginx/conf.d directory.
|
# Load modular configuration files from the /etc/nginx/conf.d directory.
|
||||||
# See http://nginx.org/en/docs/ngx_core_module.html#include
|
# See http://nginx.org/en/docs/ngx_core_module.html#include
|
||||||
# for more information.
|
# for more information.
|
||||||
include /etc/nginx/conf.d/*.conf;
|
include /etc/nginx/conf.d/*.conf;
|
||||||
|
|
||||||
server {
|
server {
|
||||||
listen 80 default_server;
|
listen 80 default_server;
|
||||||
listen [::]:80 default_server;
|
listen [::]:80 default_server;
|
||||||
server_name _;
|
server_name _;
|
||||||
root /usr/share/nginx/html;
|
root /usr/share/nginx/html;
|
||||||
|
|
||||||
# Load configuration files for the default server block.
|
# Load configuration files for the default server block.
|
||||||
include /etc/nginx/default.d/*.conf;
|
include /etc/nginx/default.d/*.conf;
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
}
|
}
|
||||||
|
|
||||||
error_page 404 /404.html;
|
error_page 404 /404.html;
|
||||||
location = /40x.html {
|
location = /40x.html {
|
||||||
}
|
}
|
||||||
|
|
||||||
error_page 500 502 503 504 /50x.html;
|
error_page 500 502 503 504 /50x.html;
|
||||||
location = /50x.html {
|
location = /50x.html {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
# Settings for a TLS enabled server.
|
# Settings for a TLS enabled server.
|
||||||
#
|
#
|
||||||
|
|||||||
@@ -14,318 +14,312 @@ pid /run/nginx.pid;
|
|||||||
include /usr/share/nginx/modules/*.conf;
|
include /usr/share/nginx/modules/*.conf;
|
||||||
|
|
||||||
events {
|
events {
|
||||||
worker_connections 1024;
|
worker_connections 1024;
|
||||||
}
|
}
|
||||||
|
|
||||||
http {
|
http {
|
||||||
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
||||||
'$status $body_bytes_sent "$http_referer" '
|
'$status $body_bytes_sent "$http_referer" '
|
||||||
'"$http_user_agent" "$http_x_forwarded_for"';
|
'"$http_user_agent" "$http_x_forwarded_for"';
|
||||||
|
|
||||||
access_log /var/log/nginx/access.log main;
|
access_log /var/log/nginx/access.log main;
|
||||||
|
|
||||||
sendfile on;
|
sendfile on;
|
||||||
tcp_nopush on;
|
tcp_nopush on;
|
||||||
tcp_nodelay on;
|
tcp_nodelay on;
|
||||||
keepalive_timeout 65;
|
keepalive_timeout 65;
|
||||||
types_hash_max_size 2048;
|
types_hash_max_size 2048;
|
||||||
client_max_body_size 1024M;
|
client_max_body_size 1024M;
|
||||||
|
|
||||||
include /etc/nginx/mime.types;
|
include /etc/nginx/mime.types;
|
||||||
default_type application/octet-stream;
|
default_type application/octet-stream;
|
||||||
|
|
||||||
# Load modular configuration files from the /etc/nginx/conf.d directory.
|
# Load modular configuration files from the /etc/nginx/conf.d directory.
|
||||||
# See http://nginx.org/en/docs/ngx_core_module.html#include
|
# See http://nginx.org/en/docs/ngx_core_module.html#include
|
||||||
# for more information.
|
# for more information.
|
||||||
include /etc/nginx/conf.d/*.conf;
|
include /etc/nginx/conf.d/*.conf;
|
||||||
|
|
||||||
#server {
|
#server {
|
||||||
# listen 80 default_server;
|
# listen 80 default_server;
|
||||||
# listen [::]:80 default_server;
|
# listen [::]:80 default_server;
|
||||||
# server_name _;
|
# server_name _;
|
||||||
# root /opt/socore/html;
|
# root /opt/socore/html;
|
||||||
# index index.html;
|
# index index.html;
|
||||||
|
|
||||||
# Load configuration files for the default server block.
|
# Load configuration files for the default server block.
|
||||||
#include /etc/nginx/default.d/*.conf;
|
#include /etc/nginx/default.d/*.conf;
|
||||||
|
|
||||||
# location / {
|
# location / {
|
||||||
# }
|
# }
|
||||||
|
|
||||||
# error_page 404 /404.html;
|
# error_page 404 /404.html;
|
||||||
# location = /40x.html {
|
# location = /40x.html {
|
||||||
# }
|
# }
|
||||||
|
|
||||||
# error_page 500 502 503 504 /50x.html;
|
# error_page 500 502 503 504 /50x.html;
|
||||||
# location = /50x.html {
|
# location = /50x.html {
|
||||||
# }
|
# }
|
||||||
#}
|
#}
|
||||||
server {
|
server {
|
||||||
listen 80 default_server;
|
listen 80 default_server;
|
||||||
server_name _;
|
server_name _;
|
||||||
return 301 https://$host$request_uri;
|
return 301 https://$host$request_uri;
|
||||||
}
|
}
|
||||||
|
|
||||||
{% if FLEET_MASTER %}
|
{% if FLEET_MASTER %}
|
||||||
server {
|
server {
|
||||||
listen 8090 ssl http2 default_server;
|
listen 8090 ssl http2 default_server;
|
||||||
server_name _;
|
server_name _;
|
||||||
root /opt/socore/html;
|
root /opt/socore/html;
|
||||||
index blank.html;
|
index blank.html;
|
||||||
|
|
||||||
ssl_certificate "/etc/pki/nginx/server.crt";
|
ssl_certificate "/etc/pki/nginx/server.crt";
|
||||||
ssl_certificate_key "/etc/pki/nginx/server.key";
|
ssl_certificate_key "/etc/pki/nginx/server.key";
|
||||||
ssl_session_cache shared:SSL:1m;
|
ssl_session_cache shared:SSL:1m;
|
||||||
ssl_session_timeout 10m;
|
ssl_session_timeout 10m;
|
||||||
ssl_ciphers HIGH:!aNULL:!MD5;
|
ssl_ciphers HIGH:!aNULL:!MD5;
|
||||||
ssl_prefer_server_ciphers on;
|
ssl_prefer_server_ciphers on;
|
||||||
|
|
||||||
location ~ ^/kolide.agent.Api/(RequestEnrollment|RequestConfig|RequestQueries|PublishLogs|PublishResults|CheckHealth)$ {
|
location ~ ^/kolide.agent.Api/(RequestEnrollment|RequestConfig|RequestQueries|PublishLogs|PublishResults|CheckHealth)$ {
|
||||||
grpc_pass grpcs://{{ masterip }}:8080;
|
grpc_pass grpcs://{{ masterip }}:8080;
|
||||||
grpc_set_header Host $host;
|
grpc_set_header Host $host;
|
||||||
grpc_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
grpc_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
proxy_buffering off;
|
proxy_buffering off;
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
# Settings for a TLS enabled server.
|
# Settings for a TLS enabled server.
|
||||||
|
|
||||||
server {
|
server {
|
||||||
listen 443 ssl http2 default_server;
|
listen 443 ssl http2 default_server;
|
||||||
#listen [::]:443 ssl http2 default_server;
|
#listen [::]:443 ssl http2 default_server;
|
||||||
server_name _;
|
server_name _;
|
||||||
root /opt/socore/html;
|
root /opt/socore/html;
|
||||||
index index.html;
|
index index.html;
|
||||||
|
|
||||||
ssl_certificate "/etc/pki/nginx/server.crt";
|
ssl_certificate "/etc/pki/nginx/server.crt";
|
||||||
ssl_certificate_key "/etc/pki/nginx/server.key";
|
ssl_certificate_key "/etc/pki/nginx/server.key";
|
||||||
ssl_session_cache shared:SSL:1m;
|
ssl_session_cache shared:SSL:1m;
|
||||||
ssl_session_timeout 10m;
|
ssl_session_timeout 10m;
|
||||||
ssl_ciphers HIGH:!aNULL:!MD5;
|
ssl_ciphers HIGH:!aNULL:!MD5;
|
||||||
ssl_prefer_server_ciphers on;
|
ssl_prefer_server_ciphers on;
|
||||||
|
|
||||||
# Load configuration files for the default server block.
|
# Load configuration files for the default server block.
|
||||||
#include /etc/nginx/default.d/*.conf;
|
#include /etc/nginx/default.d/*.conf;
|
||||||
|
|
||||||
location ~* (^/login/|^/js/.*|^/css/.*|^/images/.*) {
|
location ~* (^/login/|^/js/.*|^/css/.*|^/images/.*) {
|
||||||
proxy_pass http://{{ masterip }}:9822;
|
proxy_pass http://{{ masterip }}:9822;
|
||||||
proxy_read_timeout 90;
|
proxy_read_timeout 90;
|
||||||
proxy_connect_timeout 90;
|
proxy_connect_timeout 90;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
proxy_set_header Proxy "";
|
proxy_set_header Proxy "";
|
||||||
proxy_set_header Upgrade $http_upgrade;
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
proxy_set_header Connection "Upgrade";
|
proxy_set_header Connection "Upgrade";
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
}
|
}
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
auth_request /auth/sessions/whoami;
|
auth_request /auth/sessions/whoami;
|
||||||
proxy_pass http://{{ masterip }}:9822/;
|
proxy_pass http://{{ masterip }}:9822/;
|
||||||
proxy_read_timeout 90;
|
proxy_read_timeout 90;
|
||||||
proxy_connect_timeout 90;
|
proxy_connect_timeout 90;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
proxy_set_header Proxy "";
|
proxy_set_header Proxy "";
|
||||||
proxy_set_header Upgrade $http_upgrade;
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
proxy_set_header Connection "Upgrade";
|
proxy_set_header Connection "Upgrade";
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
}
|
}
|
||||||
|
|
||||||
location ~ ^/auth/.*?(whoami|login|logout|settings) {
|
location ~ ^/auth/.*?(whoami|login|logout|settings) {
|
||||||
rewrite /auth/(.*) /$1 break;
|
rewrite /auth/(.*) /$1 break;
|
||||||
proxy_pass http://{{ masterip }}:4433;
|
proxy_pass http://{{ masterip }}:4433;
|
||||||
proxy_read_timeout 90;
|
proxy_read_timeout 90;
|
||||||
proxy_connect_timeout 90;
|
proxy_connect_timeout 90;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
proxy_set_header Proxy "";
|
proxy_set_header Proxy "";
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
}
|
}
|
||||||
|
|
||||||
location /cyberchef/ {
|
location /cyberchef/ {
|
||||||
auth_request /auth/sessions/whoami;
|
auth_request /auth/sessions/whoami;
|
||||||
proxy_read_timeout 90;
|
proxy_read_timeout 90;
|
||||||
proxy_connect_timeout 90;
|
proxy_connect_timeout 90;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
proxy_set_header Proxy "";
|
proxy_set_header Proxy "";
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
}
|
}
|
||||||
|
|
||||||
location /cyberchef {
|
location /navigator/ {
|
||||||
rewrite ^ /cyberchef/ permanent;
|
auth_request /auth/sessions/whoami;
|
||||||
}
|
proxy_read_timeout 90;
|
||||||
|
proxy_connect_timeout 90;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header Proxy "";
|
||||||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
}
|
||||||
|
|
||||||
location /packages/ {
|
location /packages/ {
|
||||||
try_files $uri =206;
|
try_files $uri =206;
|
||||||
auth_request /auth/sessions/whoami;
|
auth_request /auth/sessions/whoami;
|
||||||
proxy_read_timeout 90;
|
proxy_read_timeout 90;
|
||||||
proxy_connect_timeout 90;
|
proxy_connect_timeout 90;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
proxy_set_header Proxy "";
|
proxy_set_header Proxy "";
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
}
|
}
|
||||||
|
|
||||||
location /grafana/ {
|
location /grafana/ {
|
||||||
rewrite /grafana/(.*) /$1 break;
|
rewrite /grafana/(.*) /$1 break;
|
||||||
proxy_pass http://{{ masterip }}:3000/;
|
proxy_pass http://{{ masterip }}:3000/;
|
||||||
proxy_read_timeout 90;
|
proxy_read_timeout 90;
|
||||||
proxy_connect_timeout 90;
|
proxy_connect_timeout 90;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
proxy_set_header Proxy "";
|
proxy_set_header Proxy "";
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
}
|
}
|
||||||
|
|
||||||
location /kibana/ {
|
location /kibana/ {
|
||||||
auth_request /auth/sessions/whoami;
|
auth_request /auth/sessions/whoami;
|
||||||
rewrite /kibana/(.*) /$1 break;
|
rewrite /kibana/(.*) /$1 break;
|
||||||
proxy_pass http://{{ masterip }}:5601/;
|
proxy_pass http://{{ masterip }}:5601/;
|
||||||
proxy_read_timeout 90;
|
proxy_read_timeout 90;
|
||||||
proxy_connect_timeout 90;
|
proxy_connect_timeout 90;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
proxy_set_header Proxy "";
|
proxy_set_header Proxy "";
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
}
|
}
|
||||||
|
|
||||||
location /nodered/ {
|
location /nodered/ {
|
||||||
proxy_pass http://{{ masterip }}:1880/;
|
proxy_pass http://{{ masterip }}:1880/;
|
||||||
proxy_read_timeout 90;
|
proxy_read_timeout 90;
|
||||||
proxy_connect_timeout 90;
|
proxy_connect_timeout 90;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
proxy_set_header Upgrade $http_upgrade;
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
proxy_set_header Connection "Upgrade";
|
proxy_set_header Connection "Upgrade";
|
||||||
proxy_set_header Proxy "";
|
proxy_set_header Proxy "";
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
}
|
}
|
||||||
|
|
||||||
location /playbook/ {
|
location /playbook/ {
|
||||||
proxy_pass http://{{ masterip }}:3200/playbook/;
|
proxy_pass http://{{ masterip }}:3200/playbook/;
|
||||||
proxy_read_timeout 90;
|
proxy_read_timeout 90;
|
||||||
proxy_connect_timeout 90;
|
proxy_connect_timeout 90;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
proxy_set_header Proxy "";
|
proxy_set_header Proxy "";
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
{%- if FLEET_NODE %}
|
||||||
|
location /fleet/ {
|
||||||
|
return 301 https://{{ FLEET_IP }}/fleet;
|
||||||
|
}
|
||||||
|
{%- else %}
|
||||||
|
location /fleet/ {
|
||||||
|
proxy_pass https://{{ masterip }}:8080;
|
||||||
|
proxy_read_timeout 90;
|
||||||
|
proxy_connect_timeout 90;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header Proxy "";
|
||||||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
}
|
||||||
|
{%- endif %}
|
||||||
|
|
||||||
location /navigator/ {
|
location /thehive/ {
|
||||||
auth_request /auth/sessions/whoami;
|
proxy_pass http://{{ masterip }}:9000/thehive/;
|
||||||
proxy_pass http://{{ masterip }}:4200/navigator/;
|
proxy_read_timeout 90;
|
||||||
proxy_read_timeout 90;
|
proxy_connect_timeout 90;
|
||||||
proxy_connect_timeout 90;
|
proxy_http_version 1.1; # this is essential for chunked responses to work
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
proxy_set_header Proxy "";
|
proxy_set_header Proxy "";
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
}
|
}
|
||||||
|
|
||||||
{%- if FLEET_NODE %}
|
location /cortex/ {
|
||||||
location /fleet/ {
|
proxy_pass http://{{ masterip }}:9001/cortex/;
|
||||||
return 301 https://{{ FLEET_IP }}/fleet;
|
proxy_read_timeout 90;
|
||||||
}
|
proxy_connect_timeout 90;
|
||||||
{%- else %}
|
proxy_http_version 1.1; # this is essential for chunked responses to work
|
||||||
location /fleet/ {
|
proxy_set_header Host $host;
|
||||||
proxy_pass https://{{ masterip }}:8080;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_read_timeout 90;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
proxy_connect_timeout 90;
|
proxy_set_header Proxy "";
|
||||||
proxy_set_header Host $host;
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
}
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
||||||
proxy_set_header Proxy "";
|
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
|
||||||
}
|
|
||||||
{%- endif %}
|
|
||||||
|
|
||||||
location /thehive/ {
|
location /soctopus/ {
|
||||||
proxy_pass http://{{ masterip }}:9000/thehive/;
|
proxy_pass http://{{ masterip }}:7000/;
|
||||||
proxy_read_timeout 90;
|
proxy_read_timeout 90;
|
||||||
proxy_connect_timeout 90;
|
proxy_connect_timeout 90;
|
||||||
proxy_http_version 1.1; # this is essential for chunked responses to work
|
proxy_set_header Host $host;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header Proxy "";
|
||||||
proxy_set_header Proxy "";
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
}
|
||||||
}
|
|
||||||
|
|
||||||
location /cortex/ {
|
location /kibana/app/soc/ {
|
||||||
proxy_pass http://{{ masterip }}:9001/cortex/;
|
rewrite ^/kibana/app/soc/(.*) /soc/$1 permanent;
|
||||||
proxy_read_timeout 90;
|
}
|
||||||
proxy_connect_timeout 90;
|
|
||||||
proxy_http_version 1.1; # this is essential for chunked responses to work
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
||||||
proxy_set_header Proxy "";
|
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
|
||||||
}
|
|
||||||
|
|
||||||
location /soctopus/ {
|
location /kibana/app/fleet/ {
|
||||||
proxy_pass http://{{ masterip }}:7000/;
|
rewrite ^/kibana/app/fleet/(.*) /fleet/$1 permanent;
|
||||||
proxy_read_timeout 90;
|
}
|
||||||
proxy_connect_timeout 90;
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
||||||
proxy_set_header Proxy "";
|
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
|
||||||
}
|
|
||||||
|
|
||||||
location /kibana/app/soc/ {
|
location /kibana/app/soctopus/ {
|
||||||
rewrite ^/kibana/app/soc/(.*) /soc/$1 permanent;
|
rewrite ^/kibana/app/soctopus/(.*) /soctopus/$1 permanent;
|
||||||
}
|
}
|
||||||
|
|
||||||
location /kibana/app/fleet/ {
|
location /sensoroniagents/ {
|
||||||
rewrite ^/kibana/app/fleet/(.*) /fleet/$1 permanent;
|
proxy_pass http://{{ masterip }}:9822/;
|
||||||
}
|
proxy_read_timeout 90;
|
||||||
|
proxy_connect_timeout 90;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header Proxy "";
|
||||||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
}
|
||||||
|
|
||||||
location /kibana/app/soctopus/ {
|
error_page 401 = @error401;
|
||||||
rewrite ^/kibana/app/soctopus/(.*) /soctopus/$1 permanent;
|
|
||||||
}
|
|
||||||
|
|
||||||
location /sensoroniagents/ {
|
location @error401 {
|
||||||
proxy_pass http://{{ masterip }}:9822/;
|
add_header Set-Cookie "AUTH_REDIRECT=$request_uri;Path=/;Max-Age=14400";
|
||||||
proxy_read_timeout 90;
|
return 302 /auth/self-service/browser/flows/login;
|
||||||
proxy_connect_timeout 90;
|
}
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
||||||
proxy_set_header Proxy "";
|
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
|
||||||
}
|
|
||||||
|
|
||||||
error_page 401 = @error401;
|
#error_page 404 /404.html;
|
||||||
|
# location = /40x.html {
|
||||||
|
#}
|
||||||
|
|
||||||
location @error401 {
|
error_page 500 502 503 504 /50x.html;
|
||||||
add_header Set-Cookie "AUTH_REDIRECT=$request_uri;Path=/;Max-Age=14400";
|
location = /usr/share/nginx/html/50x.html {
|
||||||
return 302 /auth/self-service/browser/flows/login;
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
#error_page 404 /404.html;
|
|
||||||
# location = /40x.html {
|
|
||||||
#}
|
|
||||||
|
|
||||||
error_page 500 502 503 504 /50x.html;
|
|
||||||
location = /usr/share/nginx/html/50x.html {
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -14,318 +14,311 @@ pid /run/nginx.pid;
|
|||||||
include /usr/share/nginx/modules/*.conf;
|
include /usr/share/nginx/modules/*.conf;
|
||||||
|
|
||||||
events {
|
events {
|
||||||
worker_connections 1024;
|
worker_connections 1024;
|
||||||
}
|
}
|
||||||
|
|
||||||
http {
|
http {
|
||||||
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
||||||
'$status $body_bytes_sent "$http_referer" '
|
'$status $body_bytes_sent "$http_referer" '
|
||||||
'"$http_user_agent" "$http_x_forwarded_for"';
|
'"$http_user_agent" "$http_x_forwarded_for"';
|
||||||
|
|
||||||
access_log /var/log/nginx/access.log main;
|
access_log /var/log/nginx/access.log main;
|
||||||
|
|
||||||
sendfile on;
|
sendfile on;
|
||||||
tcp_nopush on;
|
tcp_nopush on;
|
||||||
tcp_nodelay on;
|
tcp_nodelay on;
|
||||||
keepalive_timeout 65;
|
keepalive_timeout 65;
|
||||||
types_hash_max_size 2048;
|
types_hash_max_size 2048;
|
||||||
client_max_body_size 1024M;
|
client_max_body_size 1024M;
|
||||||
|
|
||||||
include /etc/nginx/mime.types;
|
include /etc/nginx/mime.types;
|
||||||
default_type application/octet-stream;
|
default_type application/octet-stream;
|
||||||
|
|
||||||
# Load modular configuration files from the /etc/nginx/conf.d directory.
|
# Load modular configuration files from the /etc/nginx/conf.d directory.
|
||||||
# See http://nginx.org/en/docs/ngx_core_module.html#include
|
# See http://nginx.org/en/docs/ngx_core_module.html#include
|
||||||
# for more information.
|
# for more information.
|
||||||
include /etc/nginx/conf.d/*.conf;
|
include /etc/nginx/conf.d/*.conf;
|
||||||
|
|
||||||
#server {
|
#server {
|
||||||
# listen 80 default_server;
|
# listen 80 default_server;
|
||||||
# listen [::]:80 default_server;
|
# listen [::]:80 default_server;
|
||||||
# server_name _;
|
# server_name _;
|
||||||
# root /opt/socore/html;
|
# root /opt/socore/html;
|
||||||
# index index.html;
|
# index index.html;
|
||||||
|
|
||||||
# Load configuration files for the default server block.
|
# Load configuration files for the default server block.
|
||||||
#include /etc/nginx/default.d/*.conf;
|
#include /etc/nginx/default.d/*.conf;
|
||||||
|
|
||||||
# location / {
|
# location / {
|
||||||
# }
|
# }
|
||||||
|
|
||||||
# error_page 404 /404.html;
|
# error_page 404 /404.html;
|
||||||
# location = /40x.html {
|
# location = /40x.html {
|
||||||
# }
|
# }
|
||||||
|
|
||||||
# error_page 500 502 503 504 /50x.html;
|
# error_page 500 502 503 504 /50x.html;
|
||||||
# location = /50x.html {
|
# location = /50x.html {
|
||||||
# }
|
# }
|
||||||
#}
|
#}
|
||||||
server {
|
server {
|
||||||
listen 80 default_server;
|
listen 80 default_server;
|
||||||
server_name _;
|
server_name _;
|
||||||
return 301 https://$host$request_uri;
|
return 301 https://$host$request_uri;
|
||||||
}
|
}
|
||||||
|
|
||||||
{% if FLEET_MASTER %}
|
{% if FLEET_MASTER %}
|
||||||
server {
|
server {
|
||||||
listen 8090 ssl http2 default_server;
|
listen 8090 ssl http2 default_server;
|
||||||
server_name _;
|
server_name _;
|
||||||
root /opt/socore/html;
|
root /opt/socore/html;
|
||||||
index blank.html;
|
index blank.html;
|
||||||
|
|
||||||
ssl_certificate "/etc/pki/nginx/server.crt";
|
ssl_certificate "/etc/pki/nginx/server.crt";
|
||||||
ssl_certificate_key "/etc/pki/nginx/server.key";
|
ssl_certificate_key "/etc/pki/nginx/server.key";
|
||||||
ssl_session_cache shared:SSL:1m;
|
ssl_session_cache shared:SSL:1m;
|
||||||
ssl_session_timeout 10m;
|
ssl_session_timeout 10m;
|
||||||
ssl_ciphers HIGH:!aNULL:!MD5;
|
ssl_ciphers HIGH:!aNULL:!MD5;
|
||||||
ssl_prefer_server_ciphers on;
|
ssl_prefer_server_ciphers on;
|
||||||
|
|
||||||
location ~ ^/kolide.agent.Api/(RequestEnrollment|RequestConfig|RequestQueries|PublishLogs|PublishResults|CheckHealth)$ {
|
location ~ ^/kolide.agent.Api/(RequestEnrollment|RequestConfig|RequestQueries|PublishLogs|PublishResults|CheckHealth)$ {
|
||||||
grpc_pass grpcs://{{ masterip }}:8080;
|
grpc_pass grpcs://{{ masterip }}:8080;
|
||||||
grpc_set_header Host $host;
|
grpc_set_header Host $host;
|
||||||
grpc_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
grpc_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
proxy_buffering off;
|
proxy_buffering off;
|
||||||
}
|
}
|
||||||
|
}
|
||||||
}
|
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
# Settings for a TLS enabled server.
|
# Settings for a TLS enabled server.
|
||||||
|
|
||||||
server {
|
server {
|
||||||
listen 443 ssl http2 default_server;
|
listen 443 ssl http2 default_server;
|
||||||
#listen [::]:443 ssl http2 default_server;
|
#listen [::]:443 ssl http2 default_server;
|
||||||
server_name _;
|
server_name _;
|
||||||
root /opt/socore/html;
|
root /opt/socore/html;
|
||||||
index index.html;
|
index index.html;
|
||||||
|
|
||||||
ssl_certificate "/etc/pki/nginx/server.crt";
|
ssl_certificate "/etc/pki/nginx/server.crt";
|
||||||
ssl_certificate_key "/etc/pki/nginx/server.key";
|
ssl_certificate_key "/etc/pki/nginx/server.key";
|
||||||
ssl_session_cache shared:SSL:1m;
|
ssl_session_cache shared:SSL:1m;
|
||||||
ssl_session_timeout 10m;
|
ssl_session_timeout 10m;
|
||||||
ssl_ciphers HIGH:!aNULL:!MD5;
|
ssl_ciphers HIGH:!aNULL:!MD5;
|
||||||
ssl_prefer_server_ciphers on;
|
ssl_prefer_server_ciphers on;
|
||||||
|
|
||||||
# Load configuration files for the default server block.
|
# Load configuration files for the default server block.
|
||||||
#include /etc/nginx/default.d/*.conf;
|
#include /etc/nginx/default.d/*.conf;
|
||||||
|
|
||||||
location ~* (^/login/|^/js/.*|^/css/.*|^/images/.*) {
|
location ~* (^/login/|^/js/.*|^/css/.*|^/images/.*) {
|
||||||
proxy_pass http://{{ masterip }}:9822;
|
proxy_pass http://{{ masterip }}:9822;
|
||||||
proxy_read_timeout 90;
|
proxy_read_timeout 90;
|
||||||
proxy_connect_timeout 90;
|
proxy_connect_timeout 90;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
proxy_set_header Proxy "";
|
proxy_set_header Proxy "";
|
||||||
proxy_set_header Upgrade $http_upgrade;
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
proxy_set_header Connection "Upgrade";
|
proxy_set_header Connection "Upgrade";
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
}
|
}
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
auth_request /auth/sessions/whoami;
|
auth_request /auth/sessions/whoami;
|
||||||
proxy_pass http://{{ masterip }}:9822/;
|
proxy_pass http://{{ masterip }}:9822/;
|
||||||
proxy_read_timeout 90;
|
proxy_read_timeout 90;
|
||||||
proxy_connect_timeout 90;
|
proxy_connect_timeout 90;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
proxy_set_header Proxy "";
|
proxy_set_header Proxy "";
|
||||||
proxy_set_header Upgrade $http_upgrade;
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
proxy_set_header Connection "Upgrade";
|
proxy_set_header Connection "Upgrade";
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
}
|
}
|
||||||
|
|
||||||
location ~ ^/auth/.*?(whoami|login|logout|settings) {
|
location ~ ^/auth/.*?(whoami|login|logout|settings) {
|
||||||
rewrite /auth/(.*) /$1 break;
|
rewrite /auth/(.*) /$1 break;
|
||||||
proxy_pass http://{{ masterip }}:4433;
|
proxy_pass http://{{ masterip }}:4433;
|
||||||
proxy_read_timeout 90;
|
proxy_read_timeout 90;
|
||||||
proxy_connect_timeout 90;
|
proxy_connect_timeout 90;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
proxy_set_header Proxy "";
|
proxy_set_header Proxy "";
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
}
|
}
|
||||||
|
|
||||||
location /cyberchef/ {
|
location /cyberchef/ {
|
||||||
auth_request /auth/sessions/whoami;
|
auth_request /auth/sessions/whoami;
|
||||||
proxy_read_timeout 90;
|
proxy_read_timeout 90;
|
||||||
proxy_connect_timeout 90;
|
proxy_connect_timeout 90;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
proxy_set_header Proxy "";
|
proxy_set_header Proxy "";
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
}
|
}
|
||||||
|
|
||||||
location /cyberchef {
|
location /navigator/ {
|
||||||
rewrite ^ /cyberchef/ permanent;
|
auth_request /auth/sessions/whoami;
|
||||||
}
|
proxy_read_timeout 90;
|
||||||
|
proxy_connect_timeout 90;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header Proxy "";
|
||||||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
}
|
||||||
|
|
||||||
location /packages/ {
|
location /packages/ {
|
||||||
try_files $uri =206;
|
try_files $uri =206;
|
||||||
auth_request /auth/sessions/whoami;
|
auth_request /auth/sessions/whoami;
|
||||||
proxy_read_timeout 90;
|
proxy_read_timeout 90;
|
||||||
proxy_connect_timeout 90;
|
proxy_connect_timeout 90;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
proxy_set_header Proxy "";
|
proxy_set_header Proxy "";
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
}
|
}
|
||||||
|
|
||||||
location /grafana/ {
|
location /grafana/ {
|
||||||
rewrite /grafana/(.*) /$1 break;
|
rewrite /grafana/(.*) /$1 break;
|
||||||
proxy_pass http://{{ masterip }}:3000/;
|
proxy_pass http://{{ masterip }}:3000/;
|
||||||
proxy_read_timeout 90;
|
proxy_read_timeout 90;
|
||||||
proxy_connect_timeout 90;
|
proxy_connect_timeout 90;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
proxy_set_header Proxy "";
|
proxy_set_header Proxy "";
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
}
|
}
|
||||||
|
|
||||||
location /kibana/ {
|
location /kibana/ {
|
||||||
auth_request /auth/sessions/whoami;
|
auth_request /auth/sessions/whoami;
|
||||||
rewrite /kibana/(.*) /$1 break;
|
rewrite /kibana/(.*) /$1 break;
|
||||||
proxy_pass http://{{ masterip }}:5601/;
|
proxy_pass http://{{ masterip }}:5601/;
|
||||||
proxy_read_timeout 90;
|
proxy_read_timeout 90;
|
||||||
proxy_connect_timeout 90;
|
proxy_connect_timeout 90;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
proxy_set_header Proxy "";
|
proxy_set_header Proxy "";
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
}
|
}
|
||||||
|
|
||||||
location /nodered/ {
|
location /nodered/ {
|
||||||
proxy_pass http://{{ masterip }}:1880/;
|
proxy_pass http://{{ masterip }}:1880/;
|
||||||
proxy_read_timeout 90;
|
proxy_read_timeout 90;
|
||||||
proxy_connect_timeout 90;
|
proxy_connect_timeout 90;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
proxy_set_header Upgrade $http_upgrade;
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
proxy_set_header Connection "Upgrade";
|
proxy_set_header Connection "Upgrade";
|
||||||
proxy_set_header Proxy "";
|
proxy_set_header Proxy "";
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
}
|
}
|
||||||
|
|
||||||
location /playbook/ {
|
location /playbook/ {
|
||||||
proxy_pass http://{{ masterip }}:3200/playbook/;
|
proxy_pass http://{{ masterip }}:3200/playbook/;
|
||||||
proxy_read_timeout 90;
|
proxy_read_timeout 90;
|
||||||
proxy_connect_timeout 90;
|
proxy_connect_timeout 90;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
proxy_set_header Proxy "";
|
proxy_set_header Proxy "";
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
{%- if FLEET_NODE %}
|
||||||
|
location /fleet/ {
|
||||||
|
return 301 https://{{ FLEET_IP }}/fleet;
|
||||||
|
}
|
||||||
|
{%- else %}
|
||||||
|
location /fleet/ {
|
||||||
|
proxy_pass https://{{ masterip }}:8080;
|
||||||
|
proxy_read_timeout 90;
|
||||||
|
proxy_connect_timeout 90;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header Proxy "";
|
||||||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
}
|
||||||
|
{%- endif %}
|
||||||
|
|
||||||
location /navigator/ {
|
location /thehive/ {
|
||||||
auth_request /auth/sessions/whoami;
|
proxy_pass http://{{ masterip }}:9000/thehive/;
|
||||||
proxy_pass http://{{ masterip }}:4200/navigator/;
|
proxy_read_timeout 90;
|
||||||
proxy_read_timeout 90;
|
proxy_connect_timeout 90;
|
||||||
proxy_connect_timeout 90;
|
proxy_http_version 1.1; # this is essential for chunked responses to work
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
proxy_set_header Proxy "";
|
proxy_set_header Proxy "";
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
}
|
}
|
||||||
|
|
||||||
{%- if FLEET_NODE %}
|
location /cortex/ {
|
||||||
location /fleet/ {
|
proxy_pass http://{{ masterip }}:9001/cortex/;
|
||||||
return 301 https://{{ FLEET_IP }}/fleet;
|
proxy_read_timeout 90;
|
||||||
}
|
proxy_connect_timeout 90;
|
||||||
{%- else %}
|
proxy_http_version 1.1; # this is essential for chunked responses to work
|
||||||
location /fleet/ {
|
proxy_set_header Host $host;
|
||||||
proxy_pass https://{{ masterip }}:8080;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_read_timeout 90;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
proxy_connect_timeout 90;
|
proxy_set_header Proxy "";
|
||||||
proxy_set_header Host $host;
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
}
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
||||||
proxy_set_header Proxy "";
|
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
|
||||||
}
|
|
||||||
{%- endif %}
|
|
||||||
|
|
||||||
location /thehive/ {
|
location /soctopus/ {
|
||||||
proxy_pass http://{{ masterip }}:9000/thehive/;
|
proxy_pass http://{{ masterip }}:7000/;
|
||||||
proxy_read_timeout 90;
|
proxy_read_timeout 90;
|
||||||
proxy_connect_timeout 90;
|
proxy_connect_timeout 90;
|
||||||
proxy_http_version 1.1; # this is essential for chunked responses to work
|
proxy_set_header Host $host;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header Proxy "";
|
||||||
proxy_set_header Proxy "";
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
}
|
||||||
}
|
|
||||||
|
|
||||||
location /cortex/ {
|
location /kibana/app/soc/ {
|
||||||
proxy_pass http://{{ masterip }}:9001/cortex/;
|
rewrite ^/kibana/app/soc/(.*) /soc/$1 permanent;
|
||||||
proxy_read_timeout 90;
|
}
|
||||||
proxy_connect_timeout 90;
|
|
||||||
proxy_http_version 1.1; # this is essential for chunked responses to work
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
||||||
proxy_set_header Proxy "";
|
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
|
||||||
}
|
|
||||||
|
|
||||||
location /soctopus/ {
|
location /kibana/app/fleet/ {
|
||||||
proxy_pass http://{{ masterip }}:7000/;
|
rewrite ^/kibana/app/fleet/(.*) /fleet/$1 permanent;
|
||||||
proxy_read_timeout 90;
|
}
|
||||||
proxy_connect_timeout 90;
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
||||||
proxy_set_header Proxy "";
|
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
|
||||||
}
|
|
||||||
|
|
||||||
location /kibana/app/soc/ {
|
location /kibana/app/soctopus/ {
|
||||||
rewrite ^/kibana/app/soc/(.*) /soc/$1 permanent;
|
rewrite ^/kibana/app/soctopus/(.*) /soctopus/$1 permanent;
|
||||||
}
|
}
|
||||||
|
|
||||||
location /kibana/app/fleet/ {
|
location /sensoroniagents/ {
|
||||||
rewrite ^/kibana/app/fleet/(.*) /fleet/$1 permanent;
|
proxy_pass http://{{ masterip }}:9822/;
|
||||||
}
|
proxy_read_timeout 90;
|
||||||
|
proxy_connect_timeout 90;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header Proxy "";
|
||||||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
}
|
||||||
|
|
||||||
location /kibana/app/soctopus/ {
|
error_page 401 = @error401;
|
||||||
rewrite ^/kibana/app/soctopus/(.*) /soctopus/$1 permanent;
|
|
||||||
}
|
|
||||||
|
|
||||||
location /sensoroniagents/ {
|
location @error401 {
|
||||||
proxy_pass http://{{ masterip }}:9822/;
|
add_header Set-Cookie "AUTH_REDIRECT=$request_uri;Path=/;Max-Age=14400";
|
||||||
proxy_read_timeout 90;
|
return 302 /auth/self-service/browser/flows/login;
|
||||||
proxy_connect_timeout 90;
|
}
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
||||||
proxy_set_header Proxy "";
|
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
|
||||||
}
|
|
||||||
|
|
||||||
error_page 401 = @error401;
|
#error_page 404 /404.html;
|
||||||
|
# location = /40x.html {
|
||||||
|
#}
|
||||||
|
|
||||||
location @error401 {
|
error_page 500 502 503 504 /50x.html;
|
||||||
add_header Set-Cookie "AUTH_REDIRECT=$request_uri;Path=/;Max-Age=14400";
|
location = /usr/share/nginx/html/50x.html {
|
||||||
return 302 /auth/self-service/browser/flows/login;
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
#error_page 404 /404.html;
|
|
||||||
# location = /40x.html {
|
|
||||||
#}
|
|
||||||
|
|
||||||
error_page 500 502 503 504 /50x.html;
|
|
||||||
location = /usr/share/nginx/html/50x.html {
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -14,318 +14,312 @@ pid /run/nginx.pid;
|
|||||||
include /usr/share/nginx/modules/*.conf;
|
include /usr/share/nginx/modules/*.conf;
|
||||||
|
|
||||||
events {
|
events {
|
||||||
worker_connections 1024;
|
worker_connections 1024;
|
||||||
}
|
}
|
||||||
|
|
||||||
http {
|
http {
|
||||||
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
||||||
'$status $body_bytes_sent "$http_referer" '
|
'$status $body_bytes_sent "$http_referer" '
|
||||||
'"$http_user_agent" "$http_x_forwarded_for"';
|
'"$http_user_agent" "$http_x_forwarded_for"';
|
||||||
|
|
||||||
access_log /var/log/nginx/access.log main;
|
access_log /var/log/nginx/access.log main;
|
||||||
|
|
||||||
sendfile on;
|
sendfile on;
|
||||||
tcp_nopush on;
|
tcp_nopush on;
|
||||||
tcp_nodelay on;
|
tcp_nodelay on;
|
||||||
keepalive_timeout 65;
|
keepalive_timeout 65;
|
||||||
types_hash_max_size 2048;
|
types_hash_max_size 2048;
|
||||||
client_max_body_size 1024M;
|
client_max_body_size 1024M;
|
||||||
|
|
||||||
include /etc/nginx/mime.types;
|
include /etc/nginx/mime.types;
|
||||||
default_type application/octet-stream;
|
default_type application/octet-stream;
|
||||||
|
|
||||||
# Load modular configuration files from the /etc/nginx/conf.d directory.
|
# Load modular configuration files from the /etc/nginx/conf.d directory.
|
||||||
# See http://nginx.org/en/docs/ngx_core_module.html#include
|
# See http://nginx.org/en/docs/ngx_core_module.html#include
|
||||||
# for more information.
|
# for more information.
|
||||||
include /etc/nginx/conf.d/*.conf;
|
include /etc/nginx/conf.d/*.conf;
|
||||||
|
|
||||||
#server {
|
#server {
|
||||||
# listen 80 default_server;
|
# listen 80 default_server;
|
||||||
# listen [::]:80 default_server;
|
# listen [::]:80 default_server;
|
||||||
# server_name _;
|
# server_name _;
|
||||||
# root /opt/socore/html;
|
# root /opt/socore/html;
|
||||||
# index index.html;
|
# index index.html;
|
||||||
|
|
||||||
# Load configuration files for the default server block.
|
# Load configuration files for the default server block.
|
||||||
#include /etc/nginx/default.d/*.conf;
|
#include /etc/nginx/default.d/*.conf;
|
||||||
|
|
||||||
# location / {
|
# location / {
|
||||||
# }
|
# }
|
||||||
|
|
||||||
# error_page 404 /404.html;
|
# error_page 404 /404.html;
|
||||||
# location = /40x.html {
|
# location = /40x.html {
|
||||||
# }
|
# }
|
||||||
|
|
||||||
# error_page 500 502 503 504 /50x.html;
|
# error_page 500 502 503 504 /50x.html;
|
||||||
# location = /50x.html {
|
# location = /50x.html {
|
||||||
# }
|
# }
|
||||||
#}
|
#}
|
||||||
server {
|
server {
|
||||||
listen 80 default_server;
|
listen 80 default_server;
|
||||||
server_name _;
|
server_name _;
|
||||||
return 301 https://$host$request_uri;
|
return 301 https://$host$request_uri;
|
||||||
}
|
}
|
||||||
|
|
||||||
{% if FLEET_MASTER %}
|
{% if FLEET_MASTER %}
|
||||||
server {
|
server {
|
||||||
listen 8090 ssl http2 default_server;
|
listen 8090 ssl http2 default_server;
|
||||||
server_name _;
|
server_name _;
|
||||||
root /opt/socore/html;
|
root /opt/socore/html;
|
||||||
index blank.html;
|
index blank.html;
|
||||||
|
|
||||||
ssl_certificate "/etc/pki/nginx/server.crt";
|
ssl_certificate "/etc/pki/nginx/server.crt";
|
||||||
ssl_certificate_key "/etc/pki/nginx/server.key";
|
ssl_certificate_key "/etc/pki/nginx/server.key";
|
||||||
ssl_session_cache shared:SSL:1m;
|
ssl_session_cache shared:SSL:1m;
|
||||||
ssl_session_timeout 10m;
|
ssl_session_timeout 10m;
|
||||||
ssl_ciphers HIGH:!aNULL:!MD5;
|
ssl_ciphers HIGH:!aNULL:!MD5;
|
||||||
ssl_prefer_server_ciphers on;
|
ssl_prefer_server_ciphers on;
|
||||||
|
|
||||||
location ~ ^/kolide.agent.Api/(RequestEnrollment|RequestConfig|RequestQueries|PublishLogs|PublishResults|CheckHealth)$ {
|
location ~ ^/kolide.agent.Api/(RequestEnrollment|RequestConfig|RequestQueries|PublishLogs|PublishResults|CheckHealth)$ {
|
||||||
grpc_pass grpcs://{{ masterip }}:8080;
|
grpc_pass grpcs://{{ masterip }}:8080;
|
||||||
grpc_set_header Host $host;
|
grpc_set_header Host $host;
|
||||||
grpc_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
grpc_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
proxy_buffering off;
|
proxy_buffering off;
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
# Settings for a TLS enabled server.
|
# Settings for a TLS enabled server.
|
||||||
|
|
||||||
server {
|
server {
|
||||||
listen 443 ssl http2 default_server;
|
listen 443 ssl http2 default_server;
|
||||||
#listen [::]:443 ssl http2 default_server;
|
#listen [::]:443 ssl http2 default_server;
|
||||||
server_name _;
|
server_name _;
|
||||||
root /opt/socore/html;
|
root /opt/socore/html;
|
||||||
index index.html;
|
index index.html;
|
||||||
|
|
||||||
ssl_certificate "/etc/pki/nginx/server.crt";
|
ssl_certificate "/etc/pki/nginx/server.crt";
|
||||||
ssl_certificate_key "/etc/pki/nginx/server.key";
|
ssl_certificate_key "/etc/pki/nginx/server.key";
|
||||||
ssl_session_cache shared:SSL:1m;
|
ssl_session_cache shared:SSL:1m;
|
||||||
ssl_session_timeout 10m;
|
ssl_session_timeout 10m;
|
||||||
ssl_ciphers HIGH:!aNULL:!MD5;
|
ssl_ciphers HIGH:!aNULL:!MD5;
|
||||||
ssl_prefer_server_ciphers on;
|
ssl_prefer_server_ciphers on;
|
||||||
|
|
||||||
# Load configuration files for the default server block.
|
# Load configuration files for the default server block.
|
||||||
#include /etc/nginx/default.d/*.conf;
|
#include /etc/nginx/default.d/*.conf;
|
||||||
|
|
||||||
location ~* (^/login/|^/js/.*|^/css/.*|^/images/.*) {
|
location ~* (^/login/|^/js/.*|^/css/.*|^/images/.*) {
|
||||||
proxy_pass http://{{ masterip }}:9822;
|
proxy_pass http://{{ masterip }}:9822;
|
||||||
proxy_read_timeout 90;
|
proxy_read_timeout 90;
|
||||||
proxy_connect_timeout 90;
|
proxy_connect_timeout 90;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
proxy_set_header Proxy "";
|
proxy_set_header Proxy "";
|
||||||
proxy_set_header Upgrade $http_upgrade;
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
proxy_set_header Connection "Upgrade";
|
proxy_set_header Connection "Upgrade";
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
}
|
}
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
auth_request /auth/sessions/whoami;
|
auth_request /auth/sessions/whoami;
|
||||||
proxy_pass http://{{ masterip }}:9822/;
|
proxy_pass http://{{ masterip }}:9822/;
|
||||||
proxy_read_timeout 90;
|
proxy_read_timeout 90;
|
||||||
proxy_connect_timeout 90;
|
proxy_connect_timeout 90;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
proxy_set_header Proxy "";
|
proxy_set_header Proxy "";
|
||||||
proxy_set_header Upgrade $http_upgrade;
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
proxy_set_header Connection "Upgrade";
|
proxy_set_header Connection "Upgrade";
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
}
|
}
|
||||||
|
|
||||||
location ~ ^/auth/.*?(whoami|login|logout|settings) {
|
location ~ ^/auth/.*?(whoami|login|logout|settings) {
|
||||||
rewrite /auth/(.*) /$1 break;
|
rewrite /auth/(.*) /$1 break;
|
||||||
proxy_pass http://{{ masterip }}:4433;
|
proxy_pass http://{{ masterip }}:4433;
|
||||||
proxy_read_timeout 90;
|
proxy_read_timeout 90;
|
||||||
proxy_connect_timeout 90;
|
proxy_connect_timeout 90;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
proxy_set_header Proxy "";
|
proxy_set_header Proxy "";
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
}
|
}
|
||||||
|
|
||||||
location /cyberchef/ {
|
location /cyberchef/ {
|
||||||
auth_request /auth/sessions/whoami;
|
auth_request /auth/sessions/whoami;
|
||||||
proxy_read_timeout 90;
|
proxy_read_timeout 90;
|
||||||
proxy_connect_timeout 90;
|
proxy_connect_timeout 90;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
proxy_set_header Proxy "";
|
proxy_set_header Proxy "";
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
}
|
}
|
||||||
|
|
||||||
location /cyberchef {
|
location /navigator/ {
|
||||||
rewrite ^ /cyberchef/ permanent;
|
auth_request /auth/sessions/whoami;
|
||||||
}
|
proxy_read_timeout 90;
|
||||||
|
proxy_connect_timeout 90;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header Proxy "";
|
||||||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
}
|
||||||
|
|
||||||
location /packages/ {
|
location /packages/ {
|
||||||
try_files $uri =206;
|
try_files $uri =206;
|
||||||
auth_request /auth/sessions/whoami;
|
auth_request /auth/sessions/whoami;
|
||||||
proxy_read_timeout 90;
|
proxy_read_timeout 90;
|
||||||
proxy_connect_timeout 90;
|
proxy_connect_timeout 90;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
proxy_set_header Proxy "";
|
proxy_set_header Proxy "";
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
}
|
}
|
||||||
|
|
||||||
location /grafana/ {
|
location /grafana/ {
|
||||||
rewrite /grafana/(.*) /$1 break;
|
rewrite /grafana/(.*) /$1 break;
|
||||||
proxy_pass http://{{ masterip }}:3000/;
|
proxy_pass http://{{ masterip }}:3000/;
|
||||||
proxy_read_timeout 90;
|
proxy_read_timeout 90;
|
||||||
proxy_connect_timeout 90;
|
proxy_connect_timeout 90;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
proxy_set_header Proxy "";
|
proxy_set_header Proxy "";
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
}
|
}
|
||||||
|
|
||||||
location /kibana/ {
|
location /kibana/ {
|
||||||
auth_request /auth/sessions/whoami;
|
auth_request /auth/sessions/whoami;
|
||||||
rewrite /kibana/(.*) /$1 break;
|
rewrite /kibana/(.*) /$1 break;
|
||||||
proxy_pass http://{{ masterip }}:5601/;
|
proxy_pass http://{{ masterip }}:5601/;
|
||||||
proxy_read_timeout 90;
|
proxy_read_timeout 90;
|
||||||
proxy_connect_timeout 90;
|
proxy_connect_timeout 90;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
proxy_set_header Proxy "";
|
proxy_set_header Proxy "";
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
}
|
}
|
||||||
|
|
||||||
location /nodered/ {
|
location /nodered/ {
|
||||||
proxy_pass http://{{ masterip }}:1880/;
|
proxy_pass http://{{ masterip }}:1880/;
|
||||||
proxy_read_timeout 90;
|
proxy_read_timeout 90;
|
||||||
proxy_connect_timeout 90;
|
proxy_connect_timeout 90;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
proxy_set_header Upgrade $http_upgrade;
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
proxy_set_header Connection "Upgrade";
|
proxy_set_header Connection "Upgrade";
|
||||||
proxy_set_header Proxy "";
|
proxy_set_header Proxy "";
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
}
|
}
|
||||||
|
|
||||||
location /playbook/ {
|
location /playbook/ {
|
||||||
proxy_pass http://{{ masterip }}:3200/playbook/;
|
proxy_pass http://{{ masterip }}:3200/playbook/;
|
||||||
proxy_read_timeout 90;
|
proxy_read_timeout 90;
|
||||||
proxy_connect_timeout 90;
|
proxy_connect_timeout 90;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
proxy_set_header Proxy "";
|
proxy_set_header Proxy "";
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
{%- if FLEET_NODE %}
|
||||||
|
location /fleet/ {
|
||||||
|
return 301 https://{{ FLEET_IP }}/fleet;
|
||||||
|
}
|
||||||
|
{%- else %}
|
||||||
|
location /fleet/ {
|
||||||
|
proxy_pass https://{{ masterip }}:8080;
|
||||||
|
proxy_read_timeout 90;
|
||||||
|
proxy_connect_timeout 90;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header Proxy "";
|
||||||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
}
|
||||||
|
{%- endif %}
|
||||||
|
|
||||||
location /navigator/ {
|
location /thehive/ {
|
||||||
auth_request /auth/sessions/whoami;
|
proxy_pass http://{{ masterip }}:9000/thehive/;
|
||||||
proxy_pass http://{{ masterip }}:4200/navigator/;
|
proxy_read_timeout 90;
|
||||||
proxy_read_timeout 90;
|
proxy_connect_timeout 90;
|
||||||
proxy_connect_timeout 90;
|
proxy_http_version 1.1; # this is essential for chunked responses to work
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
proxy_set_header Proxy "";
|
proxy_set_header Proxy "";
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
}
|
}
|
||||||
|
|
||||||
{%- if FLEET_NODE %}
|
location /cortex/ {
|
||||||
location /fleet/ {
|
proxy_pass http://{{ masterip }}:9001/cortex/;
|
||||||
return 301 https://{{ FLEET_IP }}/fleet;
|
proxy_read_timeout 90;
|
||||||
}
|
proxy_connect_timeout 90;
|
||||||
{%- else %}
|
proxy_http_version 1.1; # this is essential for chunked responses to work
|
||||||
location /fleet/ {
|
proxy_set_header Host $host;
|
||||||
proxy_pass https://{{ masterip }}:8080;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_read_timeout 90;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
proxy_connect_timeout 90;
|
proxy_set_header Proxy "";
|
||||||
proxy_set_header Host $host;
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
}
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
||||||
proxy_set_header Proxy "";
|
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
|
||||||
}
|
|
||||||
{%- endif %}
|
|
||||||
|
|
||||||
location /thehive/ {
|
location /soctopus/ {
|
||||||
proxy_pass http://{{ masterip }}:9000/thehive/;
|
proxy_pass http://{{ masterip }}:7000/;
|
||||||
proxy_read_timeout 90;
|
proxy_read_timeout 90;
|
||||||
proxy_connect_timeout 90;
|
proxy_connect_timeout 90;
|
||||||
proxy_http_version 1.1; # this is essential for chunked responses to work
|
proxy_set_header Host $host;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header Proxy "";
|
||||||
proxy_set_header Proxy "";
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
}
|
||||||
}
|
|
||||||
|
|
||||||
location /cortex/ {
|
location /kibana/app/soc/ {
|
||||||
proxy_pass http://{{ masterip }}:9001/cortex/;
|
rewrite ^/kibana/app/soc/(.*) /soc/$1 permanent;
|
||||||
proxy_read_timeout 90;
|
}
|
||||||
proxy_connect_timeout 90;
|
|
||||||
proxy_http_version 1.1; # this is essential for chunked responses to work
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
||||||
proxy_set_header Proxy "";
|
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
|
||||||
}
|
|
||||||
|
|
||||||
location /soctopus/ {
|
location /kibana/app/fleet/ {
|
||||||
proxy_pass http://{{ masterip }}:7000/;
|
rewrite ^/kibana/app/fleet/(.*) /fleet/$1 permanent;
|
||||||
proxy_read_timeout 90;
|
}
|
||||||
proxy_connect_timeout 90;
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
||||||
proxy_set_header Proxy "";
|
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
|
||||||
}
|
|
||||||
|
|
||||||
location /kibana/app/soc/ {
|
location /kibana/app/soctopus/ {
|
||||||
rewrite ^/kibana/app/soc/(.*) /soc/$1 permanent;
|
rewrite ^/kibana/app/soctopus/(.*) /soctopus/$1 permanent;
|
||||||
}
|
}
|
||||||
|
|
||||||
location /kibana/app/fleet/ {
|
location /sensoroniagents/ {
|
||||||
rewrite ^/kibana/app/fleet/(.*) /fleet/$1 permanent;
|
proxy_pass http://{{ masterip }}:9822/;
|
||||||
}
|
proxy_read_timeout 90;
|
||||||
|
proxy_connect_timeout 90;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header Proxy "";
|
||||||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
}
|
||||||
|
|
||||||
location /kibana/app/soctopus/ {
|
error_page 401 = @error401;
|
||||||
rewrite ^/kibana/app/soctopus/(.*) /soctopus/$1 permanent;
|
|
||||||
}
|
|
||||||
|
|
||||||
location /sensoroniagents/ {
|
location @error401 {
|
||||||
proxy_pass http://{{ masterip }}:9822/;
|
add_header Set-Cookie "AUTH_REDIRECT=$request_uri;Path=/;Max-Age=14400";
|
||||||
proxy_read_timeout 90;
|
return 302 /auth/self-service/browser/flows/login;
|
||||||
proxy_connect_timeout 90;
|
}
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
||||||
proxy_set_header Proxy "";
|
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
|
||||||
}
|
|
||||||
|
|
||||||
error_page 401 = @error401;
|
#error_page 404 /404.html;
|
||||||
|
# location = /40x.html {
|
||||||
|
#}
|
||||||
|
|
||||||
location @error401 {
|
error_page 500 502 503 504 /50x.html;
|
||||||
add_header Set-Cookie "AUTH_REDIRECT=$request_uri;Path=/;Max-Age=14400";
|
location = /usr/share/nginx/html/50x.html {
|
||||||
return 302 /auth/self-service/browser/flows/login;
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
#error_page 404 /404.html;
|
|
||||||
# location = /40x.html {
|
|
||||||
#}
|
|
||||||
|
|
||||||
error_page 500 502 503 504 /50x.html;
|
|
||||||
location = /usr/share/nginx/html/50x.html {
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user