Move In Day

2025-12-09 10:42:54 +01:00 · 2022-09-07 09:06:25 -04:00
parent dcb7b49dbe
commit 2bd9dd80e2
611 changed files with 8015 additions and 16211 deletions
--- a/salt/nginx/etc/nginx.conf
+++ b/salt/nginx/etc/nginx.conf
@@ -1,15 +1,8 @@
 {%- set role = grains.id.split('_') | last %}
-{%- if role == 'fleet' %}
-	{% set mainint = salt['pillar.get']('host:mainint') %}
-	{% set main_ip = salt['grains.get']('ip_interfaces:' ~ mainint)[0] %}
-{%- endif %}

-{%- set manager_ip = salt['pillar.get']('manager:mainip', '') %}
+{%- set manager_ip = salt['pillar.get']('global:managerip', '') %}
 {%- set url_base = salt['pillar.get']('global:url_base') %}

-{%- set fleet_manager = salt['pillar.get']('global:fleet_manager') %}
-{%- set fleet_node = salt['pillar.get']('global:fleet_node') %}
-{%- set fleet_ip = salt['pillar.get']('global:fleet_ip', None) %}
 {%- set airgap = salt['pillar.get']('global:airgap', 'False') %}


@@ -44,45 +37,7 @@ http {

 	include /etc/nginx/conf.d/*.conf;

-	{%- if role in ['eval', 'managersearch', 'manager', 'standalone', 'fleet', 'import'] %}
-
-		{%- if (fleet_manager or role == 'fleet') and role != 'import' %}
-	server {
-		listen       8090 ssl http2 default_server;
-		server_name  {{ url_base }};
-		root         /opt/socore/html;
-		index        blank.html;
-
-		ssl_certificate "/etc/pki/nginx/server.crt";
-		ssl_certificate_key "/etc/pki/nginx/server.key";
-		ssl_session_cache shared:SSL:1m;
-		ssl_session_timeout  10m;
-		ssl_ciphers HIGH:!aNULL:!MD5;
-		ssl_prefer_server_ciphers on;
-
-		location ~ ^/kolide.agent.Api/(RequestEnrollment|RequestConfig|RequestQueries|PublishLogs|PublishResults|CheckHealth)$ {
-			{%- if role == 'fleet' %}
-			grpc_pass  grpcs://{{ main_ip }}:8080;
-			{%- else %}
-			grpc_pass  grpcs://{{ manager_ip }}:8080;
-			{%- endif %}
-			grpc_set_header Host $host;
-			grpc_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-			proxy_buffering off;
-		}
-		
-		location ~ ^/kolide.launcher.QueryTarget/GetTargets$ {
-			{%- if role == 'fleet' %}
-			grpc_pass  grpcs://{{ main_ip }}:8080;
-			{%- else %}
-			grpc_pass  grpcs://{{ manager_ip }}:8080;
-			{%- endif %}
-			grpc_set_header Host $host;
-			grpc_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-			proxy_buffering off;
-		}
-	}
-		{%- endif %}
+	{%- if role in ['eval', 'managersearch', 'manager', 'standalone', 'import'] %}

 	server {
 		listen 80 default_server;
@@ -106,40 +61,8 @@ http {

 	{%- endif %}

-	{%- if role == 'fleet' %}
-	server {
-		listen       443 ssl http2;
-		server_name  {{ main_ip }};
-		root         /opt/socore/html;
-		index        index.html;
+	{%- if role in ['eval', 'managersearch', 'manager', 'standalone', 'import'] %}

-		ssl_certificate "/etc/pki/nginx/server.crt";
-		ssl_certificate_key "/etc/pki/nginx/server.key";
-		ssl_session_cache shared:SSL:1m;
-		ssl_session_timeout  10m;
-		ssl_ciphers HIGH:!aNULL:!MD5;
-		ssl_prefer_server_ciphers on;
-		ssl_protocols TLSv1.2;
-
-		location /fleet/ {
-			proxy_pass https://{{ main_ip }}:8080;
-			proxy_read_timeout    90;
-			proxy_connect_timeout 90;
-			proxy_set_header      Host $host;
-			proxy_set_header      X-Real-IP $remote_addr;
-			proxy_set_header      X-Forwarded-For $proxy_add_x_forwarded_for;
-			proxy_set_header      Proxy "";
-			proxy_set_header      X-Forwarded-Proto $scheme;
-			proxy_set_header      Upgrade $http_upgrade;
-			proxy_set_header      Connection "Upgrade";
-		}
-		error_page 500 502 503 504 /50x.html;
-				location = /usr/share/nginx/html/50x.html {
-		}
-	}
-	{%- elif role in ['eval', 'managersearch', 'manager', 'standalone', 'import'] %}
-
-	{%- if airgap is sameas true %}
 	server {
 		listen 7788;
 		server_name {{ url_base }};
@@ -154,8 +77,7 @@ http {
 			autoindex_localtime on;
 		}
 	}
-	{%- endif %}
-
+	
 	server {
 		listen       443 ssl http2;
 		server_name  {{ url_base }};
@@ -252,7 +174,6 @@ http {
 			proxy_set_header      X-Forwarded-Proto $scheme;
 		} 

-		{%- if airgap is sameas true %}
 		location /repo/ {
 			allow all;
 			sendfile on;
@@ -262,7 +183,6 @@ http {
 			autoindex_format html;
 			autoindex_localtime on;
 		}
-		{%- endif %}
 		
 		location /grafana/ {
 			auth_request          /auth/sessions/whoami;
@@ -316,29 +236,7 @@ http {
 			proxy_set_header      X-Forwarded-Proto $scheme;
 		}

-		{%- if fleet_node %}
-
-		location /fleet/ {
-			return 307 https://{{ fleet_ip }}/fleet;
-		}
-
-		{%- else %}
-
-		location /fleet/ {
-			proxy_pass https://{{ manager_ip }}:8080;
-			proxy_read_timeout    90;
-			proxy_connect_timeout 90;
-			proxy_set_header      Host $host;
-			proxy_set_header      X-Real-IP $remote_addr;
-			proxy_set_header      X-Forwarded-For $proxy_add_x_forwarded_for;
-			proxy_set_header      Proxy "";
-			proxy_set_header      X-Forwarded-Proto $scheme;		
-			proxy_set_header      Upgrade $http_upgrade;
-			proxy_set_header      Connection "Upgrade";
-		}
-
-		{%- endif %}
-		
+	
 		location /soctopus/ {
 			auth_request          /auth/sessions/whoami;
 			proxy_pass            http://{{ manager_ip }}:7000/;
@@ -355,10 +253,6 @@ http {
 			rewrite ^/kibana/app/soc/(.*) /soc/$1 permanent;
 		}

-		location /kibana/app/fleet/ {
-			rewrite ^/kibana/app/fleet/(.*) /fleet/$1 permanent;
-		}
-
 		location /kibana/app/soctopus/ {
 			rewrite ^/kibana/app/soctopus/(.*) /soctopus/$1 permanent;
 		}