CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #54 from dlee35/master

Browse Source 
Updated Fleet init.sls and nginx confs for fleet
This commit is contained in:
Mike Reeves
2018-12-12 16:34:35 -05:00
committed by GitHub
parent 90d648cef1 5c737e9fda
commit 8163beadb0
3 changed files with 37 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
salt/common/nginx/nginx.conf.so-eval
View File

@@ -110,6 +110,20 @@ http {
proxy_set_header Proxy ""; proxy_set_header Proxy "";
} }
location /api/ {
proxy_pass https://{{ masterip }}:8080/api/;
proxy_read_timeout 90;
proxy_connect_timeout 90;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Proxy "";
}
location /fleet/ { location /fleet/ {
rewrite /fleet/(.*) /$1 break; rewrite /fleet/(.*) /$1 break;
proxy_pass https://{{ masterip }}:8080/; proxy_pass https://{{ masterip }}:8080/;

12
salt/common/nginx/nginx.conf.so-master
View File

@@ -111,6 +111,18 @@ http {
} }
location /api/ {
proxy_pass https://{{ masterip }}:8080/api/;
proxy_read_timeout 90;
proxy_connect_timeout 90;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Proxy "";
}
location /fleet/ { location /fleet/ {
rewrite /fleet/(.*) /$1 break; rewrite /fleet/(.*) /$1 break;

12
salt/fleet/init.sls
View File

@@ -10,6 +10,13 @@ fleetcdir:
- group: 939 - group: 939
- makedirs: True - makedirs: True
fleetlogdir:
file.directory:
- name: /opt/so/log/fleet
- user: 939
- group: 939
- makedirs: True
fleetdb: fleetdb:
mysql_database.present: mysql_database.present:
- name: fleet - name: fleet
@@ -44,8 +51,11 @@ so-fleet:
- KOLIDE_SERVER_KEY=/ssl/server.key - KOLIDE_SERVER_KEY=/ssl/server.key
- KOLIDE_LOGGING_JSON=true - KOLIDE_LOGGING_JSON=true
- KOLIDE_AUTH_JWT_KEY=thisisatest - KOLIDE_AUTH_JWT_KEY=thisisatest
- KOLIDE_OSQUERY_STATUS_LOG_FILE=/var/log/osquery/status.log
- KOLIDE_OSQUERY_RESULT_LOG_FILE=/var/log/osquery/result.log
- binds: - binds:
- /etc/pki/fleet.key:/ssl/server.key:ro - /etc/pki/fleet.key:/ssl/server.key:ro
- /etc/pki/fleet.crt:/ssl/server.cert - /etc/pki/fleet.crt:/ssl/server.cert:ro
- /opt/so/log/fleet:/var/log/osquery
- watch: - watch:
- /opt/so/conf/fleet/etc - /opt/so/conf/fleet/etc