CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #254 from Security-Onion-Solutions/hotfix/auth-conf

Browse Source 
hotfix/auth-conf
This commit is contained in:
Mike Reeves
2020-01-28 10:16:55 -05:00
committed by GitHub
parent 67d940048f 47f02389fc
commit 1f501c0c7d
2 changed files with 54 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
salt/common/nginx/nginx.conf.so-master
View File

@@ -88,7 +88,7 @@ http {
# } # }
location /grafana/ { location /grafana/ {
rewrite /grafana/(.*) /$1 break; rewrite /grafana/(.*) /$1 break;
proxy_pass http://{{ masterip }}:3000/; proxy_pass http://{{ masterip }}:3000/;
proxy_read_timeout 90; proxy_read_timeout 90;
proxy_connect_timeout 90; proxy_connect_timeout 90;
@@ -100,9 +100,8 @@ http {
} }
location /kibana/ { location /kibana/ {
auth_basic "Security Onion"; auth_request /so-auth/api/auth/;
auth_basic_user_file /opt/so/conf/nginx/.htpasswd; rewrite /kibana/(.*) /$1 break;
rewrite /kibana/(.*) /$1 break;
proxy_pass http://{{ masterip }}:5601/; proxy_pass http://{{ masterip }}:5601/;
proxy_read_timeout 90; proxy_read_timeout 90;
proxy_connect_timeout 90; proxy_connect_timeout 90;
@@ -125,8 +124,7 @@ http {
} }
location /navigator/ { location /navigator/ {
auth_basic "Security Onion"; auth_request /so-auth/api/auth/;
auth_basic_user_file /opt/so/conf/nginx/.htpasswd;
proxy_pass http://{{ masterip }}:4200/navigator/; proxy_pass http://{{ masterip }}:4200/navigator/;
proxy_read_timeout 90; proxy_read_timeout 90;
proxy_connect_timeout 90; proxy_connect_timeout 90;
@@ -151,9 +149,8 @@ http {
} }
location /fleet/ { location /fleet/ {
rewrite /fleet/(.*) /$1 break; rewrite /fleet/(.*) /$1 break;
auth_basic "Security Onion"; auth_request /so-auth/api/auth/;
auth_basic_user_file /opt/so/conf/nginx/.htpasswd;
proxy_pass https://{{ masterip }}:8080/; proxy_pass https://{{ masterip }}:8080/;
proxy_read_timeout 90; proxy_read_timeout 90;
proxy_connect_timeout 90; proxy_connect_timeout 90;
@@ -200,8 +197,7 @@ http {
} }
location /sensoroni/ { location /sensoroni/ {
auth_basic "Security Onion"; auth_request /so-auth/api/auth/;
auth_basic_user_file /opt/so/conf/nginx/.htpasswd;
proxy_pass http://{{ masterip }}:9822/; proxy_pass http://{{ masterip }}:9822/;
proxy_read_timeout 90; proxy_read_timeout 90;
proxy_connect_timeout 90; proxy_connect_timeout 90;
@@ -238,6 +234,26 @@ http {
} }
location /so-auth/loginpage/ {
proxy_pass http://{{ masterip }}:4242/;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /so-auth/api/ {
proxy_pass http://{{ masterip }}:5656/;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
}
error_page 401 = @error401;
location @error401 {
add_header Set-Cookie "NSREDIRECT=http://{{ masterip }}$request_uri;Domain={{ masterip }};Path=/";
return 302 http://{{ masterip }}/so-auth/loginpage/;
}
error_page 404 /404.html; error_page 404 /404.html;
location = /40x.html { location = /40x.html {
} }

38
salt/common/nginx/nginx.conf.so-mastersearch
View File

@@ -88,7 +88,7 @@ http {
# } # }
location /grafana/ { location /grafana/ {
rewrite /grafana/(.*) /$1 break; rewrite /grafana/(.*) /$1 break;
proxy_pass http://{{ masterip }}:3000/; proxy_pass http://{{ masterip }}:3000/;
proxy_read_timeout 90; proxy_read_timeout 90;
proxy_connect_timeout 90; proxy_connect_timeout 90;
@@ -100,9 +100,8 @@ http {
} }
location /kibana/ { location /kibana/ {
auth_basic "Security Onion"; auth_request /so-auth/api/auth/;
auth_basic_user_file /opt/so/conf/nginx/.htpasswd; rewrite /kibana/(.*) /$1 break;
rewrite /kibana/(.*) /$1 break;
proxy_pass http://{{ masterip }}:5601/; proxy_pass http://{{ masterip }}:5601/;
proxy_read_timeout 90; proxy_read_timeout 90;
proxy_connect_timeout 90; proxy_connect_timeout 90;
@@ -125,8 +124,7 @@ http {
} }
location /navigator/ { location /navigator/ {
auth_basic "Security Onion"; auth_request /so-auth/api/auth/;
auth_basic_user_file /opt/so/conf/nginx/.htpasswd;
proxy_pass http://{{ masterip }}:4200/navigator/; proxy_pass http://{{ masterip }}:4200/navigator/;
proxy_read_timeout 90; proxy_read_timeout 90;
proxy_connect_timeout 90; proxy_connect_timeout 90;
@@ -151,9 +149,8 @@ http {
} }
location /fleet/ { location /fleet/ {
rewrite /fleet/(.*) /$1 break; rewrite /fleet/(.*) /$1 break;
auth_basic "Security Onion"; auth_request /so-auth/api/auth/;
auth_basic_user_file /opt/so/conf/nginx/.htpasswd;
proxy_pass https://{{ masterip }}:8080/; proxy_pass https://{{ masterip }}:8080/;
proxy_read_timeout 90; proxy_read_timeout 90;
proxy_connect_timeout 90; proxy_connect_timeout 90;
@@ -212,8 +209,7 @@ http {
} }
location /sensoroni/ { location /sensoroni/ {
auth_basic "Security Onion"; auth_request /so-auth/api/auth/;
auth_basic_user_file /opt/so/conf/nginx/.htpasswd;
proxy_pass http://{{ masterip }}:9822/; proxy_pass http://{{ masterip }}:9822/;
proxy_read_timeout 90; proxy_read_timeout 90;
proxy_connect_timeout 90; proxy_connect_timeout 90;
@@ -250,6 +246,26 @@ http {
} }
location /so-auth/loginpage/ {
proxy_pass http://{{ masterip }}:4242/;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /so-auth/api/ {
proxy_pass http://{{ masterip }}:5656/;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
}
error_page 401 = @error401;
location @error401 {
add_header Set-Cookie "NSREDIRECT=http://{{ masterip }}$request_uri;Domain={{ masterip }};Path=/";
return 302 http://{{ masterip }}/so-auth/loginpage/;
}
error_page 404 /404.html; error_page 404 /404.html;
location = /40x.html { location = /40x.html {
} }