From 15c32f9103c4bfbdd1b7b90b8dd55b8c1df955fc Mon Sep 17 00:00:00 2001
From: Jason Ertel <jason.ertel@securityonionsolutions.com>
Date: Wed, 16 Oct 2024 12:33:14 -0400
Subject: [PATCH] connect routes

---
 salt/nginx/etc/nginx.conf | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)

diff --git a/salt/nginx/etc/nginx.conf b/salt/nginx/etc/nginx.conf
index 1e45f0db5..fc18e1fe8 100644
--- a/salt/nginx/etc/nginx.conf
+++ b/salt/nginx/etc/nginx.conf
@@ -219,6 +219,35 @@ http {
 			proxy_set_header      X-Forwarded-Proto $scheme;
 		}
 
+		location /connect/token {
+			rewrite               /connect/token(.*) /oauth2/token$1 break;
+			limit_req             zone=auth_throttle burst={{ NGINXMERGED.config.throttle_login_burst }} nodelay;
+			limit_req_status      429;
+			proxy_pass            http://{{ GLOBALS.manager }}:4444;
+			proxy_read_timeout    90;
+			proxy_connect_timeout 90;
+			proxy_set_header      Host $host;
+			proxy_set_header      X-Real-IP $remote_addr;
+			proxy_set_header      X-Forwarded-For $proxy_add_x_forwarded_for;
+			proxy_set_header      Proxy "";
+			proxy_set_header      X-Forwarded-Proto $scheme;
+		}
+
+		location /connect/api {
+			if ($http_authorization !~ "Bearer .*") {
+				return 403;
+			}
+			proxy_pass            http://{{ GLOBALS.manager }}:9822/;
+			proxy_read_timeout    300;
+			proxy_connect_timeout 300;
+			proxy_set_header      x-user-id "";
+			proxy_set_header      Host $host;
+			proxy_set_header      X-Real-IP $remote_addr;
+			proxy_set_header      X-Forwarded-For $proxy_add_x_forwarded_for;
+			proxy_set_header      Proxy "";
+			proxy_set_header      X-Forwarded-Proto $scheme;
+		}
+
 		location /cyberchef/ {
 			auth_request          /auth/sessions/whoami;
 			proxy_read_timeout    90;