Updated Fleet init.sls and nginx confs for fleet

2025-12-06 17:22:49 +01:00 · 2018-12-12 16:19:35 -05:00
parent d12f49aa9d
commit 5c737e9fda
3 changed files with 37 additions and 1 deletions
--- a/salt/common/nginx/nginx.conf.so-eval
+++ b/salt/common/nginx/nginx.conf.so-eval
@@ -110,6 +110,20 @@ http {
          proxy_set_header      Proxy "";

        }
+
+        location /api/ {
+          proxy_pass https://{{ masterip }}:8080/api/;
+          proxy_read_timeout    90;
+          proxy_connect_timeout 90;
+          proxy_set_header      Upgrade $http_upgrade;
+          proxy_set_header      Connection "Upgrade";
+          proxy_set_header      Host $host;
+          proxy_set_header      X-Real-IP $remote_addr;
+          proxy_set_header      X-Forwarded-For $proxy_add_x_forwarded_for;
+          proxy_set_header      Proxy "";
+
+        }
+
        location /fleet/ {
 	  rewrite /fleet/(.*) /$1 break;
          proxy_pass https://{{ masterip }}:8080/;
--- a/salt/common/nginx/nginx.conf.so-master
+++ b/salt/common/nginx/nginx.conf.so-master
@@ -111,6 +111,18 @@ http {

        }

+        location /api/ {
+          proxy_pass https://{{ masterip }}:8080/api/;
+          proxy_read_timeout    90;
+          proxy_connect_timeout 90;
+          proxy_set_header      Upgrade $http_upgrade;
+          proxy_set_header      Connection "Upgrade";
+          proxy_set_header      Host $host;
+          proxy_set_header      X-Real-IP $remote_addr;
+          proxy_set_header      X-Forwarded-For $proxy_add_x_forwarded_for;
+          proxy_set_header      Proxy "";
+
+        }

        location /fleet/ {
 	  rewrite /fleet/(.*) /$1 break;
--- a/salt/fleet/init.sls
+++ b/salt/fleet/init.sls
@@ -10,6 +10,13 @@ fleetcdir:
    - group: 939
    - makedirs: True

+fleetlogdir:
+  file.directory:
+    - name: /opt/so/log/fleet
+    - user: 939
+    - group: 939
+    - makedirs: True
+
 fleetdb:
  mysql_database.present:
    - name: fleet
@@ -44,8 +51,11 @@ so-fleet:
      - KOLIDE_SERVER_KEY=/ssl/server.key
      - KOLIDE_LOGGING_JSON=true
      - KOLIDE_AUTH_JWT_KEY=thisisatest
+      - KOLIDE_OSQUERY_STATUS_LOG_FILE=/var/log/osquery/status.log
+      - KOLIDE_OSQUERY_RESULT_LOG_FILE=/var/log/osquery/result.log
    - binds:
      - /etc/pki/fleet.key:/ssl/server.key:ro
-      - /etc/pki/fleet.crt:/ssl/server.cert
+      - /etc/pki/fleet.crt:/ssl/server.cert:ro
+      - /opt/so/log/fleet:/var/log/osquery
    - watch:
      - /opt/so/conf/fleet/etc