From 5c737e9fda6340572ce3912ab034dba1143c14a0 Mon Sep 17 00:00:00 2001 From: dlee35 Date: Wed, 12 Dec 2018 16:19:35 -0500 Subject: [PATCH] Updated Fleet init.sls and nginx confs for fleet --- salt/common/nginx/nginx.conf.so-eval | 14 ++++++++++++++ salt/common/nginx/nginx.conf.so-master | 12 ++++++++++++ salt/fleet/init.sls | 12 +++++++++++- 3 files changed, 37 insertions(+), 1 deletion(-) diff --git a/salt/common/nginx/nginx.conf.so-eval b/salt/common/nginx/nginx.conf.so-eval index 4ffb2835f..50f48497d 100644 --- a/salt/common/nginx/nginx.conf.so-eval +++ b/salt/common/nginx/nginx.conf.so-eval @@ -110,6 +110,20 @@ http { proxy_set_header Proxy ""; } + + location /api/ { + proxy_pass https://{{ masterip }}:8080/api/; + proxy_read_timeout 90; + proxy_connect_timeout 90; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Proxy ""; + + } + location /fleet/ { rewrite /fleet/(.*) /$1 break; proxy_pass https://{{ masterip }}:8080/; diff --git a/salt/common/nginx/nginx.conf.so-master b/salt/common/nginx/nginx.conf.so-master index 535009c71..50f48497d 100644 --- a/salt/common/nginx/nginx.conf.so-master +++ b/salt/common/nginx/nginx.conf.so-master @@ -111,6 +111,18 @@ http { } + location /api/ { + proxy_pass https://{{ masterip }}:8080/api/; + proxy_read_timeout 90; + proxy_connect_timeout 90; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Proxy ""; + + } location /fleet/ { rewrite /fleet/(.*) /$1 break; diff --git a/salt/fleet/init.sls b/salt/fleet/init.sls index a90377b1f..c5d77a7ec 100644 --- a/salt/fleet/init.sls +++ b/salt/fleet/init.sls 
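Review bot: The new `location /api/` block proxies to `https://{{ masterip }}:8080/api/` with no upstream certificate check in the block, and nginx leaves `proxy_ssl_verify` off unless it is set, so the hop to Fleet is encrypted but not authenticated unless a directive outside this hunk enables it. Consider adding `proxy_ssl_verify on;` together with `proxy_ssl_trusted_certificate <CA_BUNDLE_PATH_PLACEHOLDER>;` pointing at the CA that signs /etc/pki/fleet.crt. The block also sends `Connection "Upgrade"` on every request rather than only when the client asks for an upgrade, and no `proxy_http_version 1.1;` is visible here, which WebSocket proxying needs. The identical block added to nginx.conf.so-master in the next hunk has the same gaps.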
@@ -10,6 +10,13 @@ fleetcdir: - group: 939 - makedirs: True +fleetlogdir: + file.directory: + - name: /opt/so/log/fleet + - user: 939 + - group: 939 + - makedirs: True + fleetdb: mysql_database.present: - name: fleet @@ -44,8 +51,11 @@ so-fleet: - KOLIDE_SERVER_KEY=/ssl/server.key - KOLIDE_LOGGING_JSON=true - KOLIDE_AUTH_JWT_KEY=thisisatest + - KOLIDE_OSQUERY_STATUS_LOG_FILE=/var/log/osquery/status.log + - KOLIDE_OSQUERY_RESULT_LOG_FILE=/var/log/osquery/result.log - binds: - /etc/pki/fleet.key:/ssl/server.key:ro - - /etc/pki/fleet.crt:/ssl/server.cert + - /etc/pki/fleet.crt:/ssl/server.cert:ro + - /opt/so/log/fleet:/var/log/osquery - watch: - /opt/so/conf/fleet/etc
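Review bot: `fleetlogdir` creates /opt/so/log/fleet with owner and group 939 but no explicit mode, so the directory's permissions are left to whatever default applies on the minion. The second hunk points Fleet's osquery status and result logs at this directory, and result logs carry query output from enrolled hosts, so it is worth pinning the mode, e.g. `- mode: 750`. If another service has to read these logs, grant that through the group rather than through world-readable bits. A one-line comment on the state saying the directory is bind-mounted into so-fleet as /var/log/osquery would also help the next reader.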
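Review bot: `KOLIDE_AUTH_JWT_KEY=thisisatest` stays in the environment list this hunk extends, so every install built from this state shares one publicly known JWT key, and this same commit starts publishing Fleet's `/api/` through nginx. The key should come from a per-install secret, for instance `- KOLIDE_AUTH_JWT_KEY={{ FLEET_JWT_KEY }}`, where `FLEET_JWT_KEY` is a placeholder for a value generated at setup and kept in pillar. The so-fleet state begins and ends outside this hunk, so the change may belong with whatever renders the rest of that block.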