From e2c3fe33428790d7bd32ede568ee8b094b294888 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Mon, 8 Jun 2020 12:12:25 -0400 Subject: [PATCH] [fix] Add X-Forwarded-Proto to nginx configs --- salt/nginx/etc/nginx.conf.so-eval | 24 ++++++++++++++--------- salt/nginx/etc/nginx.conf.so-fleet | 2 +- salt/nginx/etc/nginx.conf.so-master | 24 ++++++++++++++--------- salt/nginx/etc/nginx.conf.so-mastersearch | 24 ++++++++++++++--------- salt/nginx/etc/nginx.conf.so-standalone | 24 ++++++++++++++--------- 5 files changed, 61 insertions(+), 37 deletions(-) diff --git a/salt/nginx/etc/nginx.conf.so-eval b/salt/nginx/etc/nginx.conf.so-eval index 336d27343..579e5730f 100644 --- a/salt/nginx/etc/nginx.conf.so-eval +++ b/salt/nginx/etc/nginx.conf.so-eval @@ -119,6 +119,7 @@ http { proxy_set_header Proxy ""; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; + proxy_set_header X-Forwarded-Proto $scheme; } location / { @@ -132,6 +133,7 @@ http { proxy_set_header Proxy ""; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; + proxy_set_header X-Forwarded-Proto $scheme; } location ~ ^/auth/.*?(whoami|login|logout) { @@ -143,7 +145,7 @@ http { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Proxy ""; - + proxy_set_header X-Forwarded-Proto $scheme; } location /cyberchef/ { @@ -154,6 +156,7 @@ http { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Proxy ""; + proxy_set_header X-Forwarded-Proto $scheme; } location /cyberchef { @@ -169,6 +172,7 @@ http { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Proxy ""; + proxy_set_header X-Forwarded-Proto $scheme; } location /grafana/ { @@ -180,7 +184,7 @@ http { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Proxy ""; - + proxy_set_header X-Forwarded-Proto $scheme; } location /kibana/ { @@ -193,7 +197,7 @@ http { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Proxy ""; - + proxy_set_header X-Forwarded-Proto $scheme; } location /nodered/ { @@ -206,7 +210,7 @@ http { proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; proxy_set_header Proxy ""; - + proxy_set_header X-Forwarded-Proto $scheme; } location /playbook/ { @@ -217,7 +221,7 @@ http { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Proxy ""; - + proxy_set_header X-Forwarded-Proto $scheme; } @@ -230,7 +234,7 @@ http { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Proxy ""; - + proxy_set_header X-Forwarded-Proto $scheme; } {%- if FLEET_NODE %} @@ -246,6 +250,7 @@ http { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Proxy ""; + proxy_set_header X-Forwarded-Proto $scheme; } {%- endif %} @@ -258,7 +263,7 @@ http { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Proxy ""; - + proxy_set_header X-Forwarded-Proto $scheme; } location /cortex/ { @@ -270,7 +275,7 @@ http { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Proxy ""; - + proxy_set_header X-Forwarded-Proto $scheme; } location /soctopus/ { @@ -281,7 +286,7 @@ http { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Proxy ""; - + proxy_set_header X-Forwarded-Proto $scheme; } location /kibana/app/soc/ { @@ -304,6 +309,7 @@ http { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Proxy ""; + proxy_set_header X-Forwarded-Proto $scheme; } error_page 401 = @error401; diff --git a/salt/nginx/etc/nginx.conf.so-fleet b/salt/nginx/etc/nginx.conf.so-fleet index 28372f448..2374af4f9 100644 --- a/salt/nginx/etc/nginx.conf.so-fleet +++ b/salt/nginx/etc/nginx.conf.so-fleet @@ -83,7 +83,7 @@ http { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Proxy ""; - + proxy_set_header X-Forwarded-Proto $scheme; } #error_page 404 /404.html; diff --git a/salt/nginx/etc/nginx.conf.so-master b/salt/nginx/etc/nginx.conf.so-master index 33edb9c3e..4eaca57e7 100644 --- a/salt/nginx/etc/nginx.conf.so-master +++ b/salt/nginx/etc/nginx.conf.so-master @@ -119,6 +119,7 @@ http { proxy_set_header Proxy ""; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; + proxy_set_header X-Forwarded-Proto $scheme; } location / { @@ -132,6 +133,7 @@ http { proxy_set_header Proxy ""; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; + proxy_set_header X-Forwarded-Proto $scheme; } location ~ ^/auth/.*?(whoami|login|logout) { @@ -143,7 +145,7 @@ http { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Proxy ""; - + proxy_set_header X-Forwarded-Proto $scheme; } location /cyberchef/ { @@ -154,6 +156,7 @@ http { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Proxy ""; + proxy_set_header X-Forwarded-Proto $scheme; } location /cyberchef { @@ -169,6 +172,7 @@ http { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Proxy ""; + proxy_set_header X-Forwarded-Proto $scheme; } location /grafana/ { @@ -180,7 +184,7 @@ http { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Proxy ""; - + proxy_set_header X-Forwarded-Proto $scheme; } location /kibana/ { @@ -193,7 +197,7 @@ http { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Proxy ""; - + proxy_set_header X-Forwarded-Proto $scheme; } location /nodered/ { @@ -206,7 +210,7 @@ http { proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; proxy_set_header Proxy ""; - + proxy_set_header X-Forwarded-Proto $scheme; } location /playbook/ { @@ -217,7 +221,7 @@ http { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Proxy ""; - + proxy_set_header X-Forwarded-Proto $scheme; } @@ -230,7 +234,7 @@ http { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Proxy ""; - + proxy_set_header X-Forwarded-Proto $scheme; } {%- if FLEET_NODE %} @@ -246,6 +250,7 @@ http { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Proxy ""; + proxy_set_header X-Forwarded-Proto $scheme; } {%- endif %} @@ -258,7 +263,7 @@ http { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Proxy ""; - + proxy_set_header X-Forwarded-Proto $scheme; } location /cortex/ { @@ -270,7 +275,7 @@ http { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Proxy ""; - + proxy_set_header X-Forwarded-Proto $scheme; } location /soctopus/ { @@ -281,7 +286,7 @@ http { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Proxy ""; - + proxy_set_header X-Forwarded-Proto $scheme; } location /kibana/app/soc/ { @@ -304,6 +309,7 @@ http { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Proxy ""; + proxy_set_header X-Forwarded-Proto $scheme; } error_page 401 = @error401; diff --git a/salt/nginx/etc/nginx.conf.so-mastersearch b/salt/nginx/etc/nginx.conf.so-mastersearch index 33edb9c3e..4eaca57e7 100644 --- a/salt/nginx/etc/nginx.conf.so-mastersearch +++ b/salt/nginx/etc/nginx.conf.so-mastersearch @@ -119,6 +119,7 @@ http { proxy_set_header Proxy ""; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; + proxy_set_header X-Forwarded-Proto $scheme; } location / { @@ -132,6 +133,7 @@ http { proxy_set_header Proxy ""; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; + proxy_set_header X-Forwarded-Proto $scheme; } location ~ ^/auth/.*?(whoami|login|logout) { @@ -143,7 +145,7 @@ http { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Proxy ""; - + proxy_set_header X-Forwarded-Proto $scheme; } location /cyberchef/ { @@ -154,6 +156,7 @@ http { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Proxy ""; + proxy_set_header X-Forwarded-Proto $scheme; } location /cyberchef { @@ -169,6 +172,7 @@ http { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Proxy ""; + proxy_set_header X-Forwarded-Proto $scheme; } location /grafana/ { @@ -180,7 +184,7 @@ http { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Proxy ""; - + proxy_set_header X-Forwarded-Proto $scheme; } location /kibana/ { @@ -193,7 +197,7 @@ http { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Proxy ""; - + proxy_set_header X-Forwarded-Proto $scheme; } location /nodered/ { @@ -206,7 +210,7 @@ http { proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; proxy_set_header Proxy ""; - + proxy_set_header X-Forwarded-Proto $scheme; } location /playbook/ { @@ -217,7 +221,7 @@ http { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Proxy ""; - + proxy_set_header X-Forwarded-Proto $scheme; } @@ -230,7 +234,7 @@ http { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Proxy ""; - + proxy_set_header X-Forwarded-Proto $scheme; } {%- if FLEET_NODE %} @@ -246,6 +250,7 @@ http { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Proxy ""; + proxy_set_header X-Forwarded-Proto $scheme; } {%- endif %} @@ -258,7 +263,7 @@ http { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Proxy ""; - + proxy_set_header X-Forwarded-Proto $scheme; } location /cortex/ { @@ -270,7 +275,7 @@ http { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Proxy ""; - + proxy_set_header X-Forwarded-Proto $scheme; } location /soctopus/ { @@ -281,7 +286,7 @@ http { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Proxy ""; - + proxy_set_header X-Forwarded-Proto $scheme; } location /kibana/app/soc/ { @@ -304,6 +309,7 @@ http { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Proxy ""; + proxy_set_header X-Forwarded-Proto $scheme; } error_page 401 = @error401; diff --git a/salt/nginx/etc/nginx.conf.so-standalone b/salt/nginx/etc/nginx.conf.so-standalone index 33edb9c3e..4eaca57e7 100644 --- a/salt/nginx/etc/nginx.conf.so-standalone +++ b/salt/nginx/etc/nginx.conf.so-standalone @@ -119,6 +119,7 @@ http { proxy_set_header Proxy ""; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; + proxy_set_header X-Forwarded-Proto $scheme; } location / { @@ -132,6 +133,7 @@ http { proxy_set_header Proxy ""; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; + proxy_set_header X-Forwarded-Proto $scheme; } location ~ ^/auth/.*?(whoami|login|logout) { @@ -143,7 +145,7 @@ http { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Proxy ""; - + proxy_set_header X-Forwarded-Proto $scheme; } location /cyberchef/ { @@ -154,6 +156,7 @@ http { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Proxy ""; + proxy_set_header X-Forwarded-Proto $scheme; } location /cyberchef { @@ -169,6 +172,7 @@ http { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Proxy ""; + proxy_set_header X-Forwarded-Proto $scheme; } location /grafana/ { @@ -180,7 +184,7 @@ http { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Proxy ""; - + proxy_set_header X-Forwarded-Proto $scheme; } location /kibana/ { @@ -193,7 +197,7 @@ http { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Proxy ""; - + proxy_set_header X-Forwarded-Proto $scheme; } location /nodered/ { @@ -206,7 +210,7 @@ http { proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; proxy_set_header Proxy ""; - + proxy_set_header X-Forwarded-Proto $scheme; } location /playbook/ { @@ -217,7 +221,7 @@ http { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Proxy ""; - + proxy_set_header X-Forwarded-Proto $scheme; } @@ -230,7 +234,7 @@ http { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Proxy ""; - + proxy_set_header X-Forwarded-Proto $scheme; } {%- if FLEET_NODE %} @@ -246,6 +250,7 @@ http { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Proxy ""; + proxy_set_header X-Forwarded-Proto $scheme; } {%- endif %} @@ -258,7 +263,7 @@ http { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Proxy ""; - + proxy_set_header X-Forwarded-Proto $scheme; } location /cortex/ { @@ -270,7 +275,7 @@ http { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Proxy ""; - + proxy_set_header X-Forwarded-Proto $scheme; } location /soctopus/ { @@ -281,7 +286,7 @@ http { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Proxy ""; - + proxy_set_header X-Forwarded-Proto $scheme; } location /kibana/app/soc/ { @@ -304,6 +309,7 @@ http { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Proxy ""; + proxy_set_header X-Forwarded-Proto $scheme; } error_page 401 = @error401;