CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-20 16:03:06 +01:00
Code Issues Packages Projects Releases Wiki Activity

[revert] Move proxy_pass back to ip

Browse Source
This commit is contained in:
William Wernert
2020-10-29 10:23:12 -04:00
parent 3abd1c9f16
commit 91221c4332
1 changed files with 14 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
salt/nginx/etc/nginx.conf
View File

@@ -4,6 +4,7 @@
{% set main_ip = salt['grains.get']('ip_interfaces:' ~ mainint)[0] %} {% set main_ip = salt['grains.get']('ip_interfaces:' ~ mainint)[0] %}
{%- endif %} {%- endif %}
{%- set manager_ip = salt['pillar.get']('manager:mainip', '') %}
{%- set url_base = salt['pillar.get']('global:url_base') %} {%- set url_base = salt['pillar.get']('global:url_base') %}
{%- set fleet_manager = salt['pillar.get']('global:fleet_manager') %} {%- set fleet_manager = salt['pillar.get']('global:fleet_manager') %}
@@ -59,7 +60,7 @@ http {
{%- if role == 'fleet' %} {%- if role == 'fleet' %}
grpc_pass grpcs://{{ main_ip }}:8080; grpc_pass grpcs://{{ main_ip }}:8080;
{%- else %} {%- else %}
grpc_pass grpcs://{{ url_base }}:8080; grpc_pass grpcs://{{ manager_ip }}:8080;
{%- endif %} {%- endif %}
grpc_set_header Host $host; grpc_set_header Host $host;
grpc_set_header X-Forwarded-For $proxy_add_x_forwarded_for; grpc_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
@@ -154,7 +155,7 @@ http {
location ~* (^/login/|^/js/.*|^/css/.*|^/images/.*) { location ~* (^/login/|^/js/.*|^/css/.*|^/images/.*) {
proxy_pass http://{{ url_base }}:9822; proxy_pass http://{{ manager_ip }}:9822;
proxy_read_timeout 90; proxy_read_timeout 90;
proxy_connect_timeout 90; proxy_connect_timeout 90;
proxy_set_header Host $host; proxy_set_header Host $host;
@@ -168,7 +169,7 @@ http {
location / { location / {
auth_request /auth/sessions/whoami; auth_request /auth/sessions/whoami;
proxy_pass http://{{ url_base }}:9822/; proxy_pass http://{{ manager_ip }}:9822/;
proxy_read_timeout 90; proxy_read_timeout 90;
proxy_connect_timeout 90; proxy_connect_timeout 90;
proxy_set_header Host $host; proxy_set_header Host $host;
@@ -182,7 +183,7 @@ http {
location ~ ^/auth/.*?(whoami|login|logout|settings) { location ~ ^/auth/.*?(whoami|login|logout|settings) {
rewrite /auth/(.*) /$1 break; rewrite /auth/(.*) /$1 break;
proxy_pass http://{{ url_base }}:4433; proxy_pass http://{{ manager_ip }}:4433;
proxy_read_timeout 90; proxy_read_timeout 90;
proxy_connect_timeout 90; proxy_connect_timeout 90;
proxy_set_header Host $host; proxy_set_header Host $host;
@@ -241,7 +242,7 @@ http {
location /grafana/ { location /grafana/ {
auth_request /auth/sessions/whoami; auth_request /auth/sessions/whoami;
rewrite /grafana/(.*) /$1 break; rewrite /grafana/(.*) /$1 break;
proxy_pass http://{{ url_base }}:3000/; proxy_pass http://{{ manager_ip }}:3000/;
proxy_read_timeout 90; proxy_read_timeout 90;
proxy_connect_timeout 90; proxy_connect_timeout 90;
proxy_set_header Host $host; proxy_set_header Host $host;
@@ -254,7 +255,7 @@ http {
location /kibana/ { location /kibana/ {
auth_request /auth/sessions/whoami; auth_request /auth/sessions/whoami;
rewrite /kibana/(.*) /$1 break; rewrite /kibana/(.*) /$1 break;
proxy_pass http://{{ url_base }}:5601/; proxy_pass http://{{ manager_ip }}:5601/;
proxy_read_timeout 90; proxy_read_timeout 90;
proxy_connect_timeout 90; proxy_connect_timeout 90;
proxy_set_header Host $host; proxy_set_header Host $host;
@@ -265,7 +266,7 @@ http {
} }
location /nodered/ { location /nodered/ {
proxy_pass http://{{ url_base }}:1880/; proxy_pass http://{{ manager_ip }}:1880/;
proxy_read_timeout 90; proxy_read_timeout 90;
proxy_connect_timeout 90; proxy_connect_timeout 90;
proxy_set_header Host $host; proxy_set_header Host $host;
@@ -278,7 +279,7 @@ http {
} }
location /playbook/ { location /playbook/ {
proxy_pass http://{{ url_base }}:3200/playbook/; proxy_pass http://{{ manager_ip }}:3200/playbook/;
proxy_read_timeout 90; proxy_read_timeout 90;
proxy_connect_timeout 90; proxy_connect_timeout 90;
proxy_set_header Host $host; proxy_set_header Host $host;
@@ -297,7 +298,7 @@ http {
{%- else %} {%- else %}
location /fleet/ { location /fleet/ {
proxy_pass https://{{ url_base }}:8080; proxy_pass https://{{ manager_ip }}:8080;
proxy_read_timeout 90; proxy_read_timeout 90;
proxy_connect_timeout 90; proxy_connect_timeout 90;
proxy_set_header Host $host; proxy_set_header Host $host;
@@ -310,7 +311,7 @@ http {
{%- endif %} {%- endif %}
location /thehive/ { location /thehive/ {
proxy_pass http://{{ url_base }}:9000/thehive/; proxy_pass http://{{ manager_ip }}:9000/thehive/;
proxy_read_timeout 90; proxy_read_timeout 90;
proxy_connect_timeout 90; proxy_connect_timeout 90;
proxy_http_version 1.1; # this is essential for chunked responses to work proxy_http_version 1.1; # this is essential for chunked responses to work
@@ -322,7 +323,7 @@ http {
} }
location /cortex/ { location /cortex/ {
proxy_pass http://{{ url_base }}:9001/cortex/; proxy_pass http://{{ manager_ip }}:9001/cortex/;
proxy_read_timeout 90; proxy_read_timeout 90;
proxy_connect_timeout 90; proxy_connect_timeout 90;
proxy_http_version 1.1; # this is essential for chunked responses to work proxy_http_version 1.1; # this is essential for chunked responses to work
@@ -334,7 +335,7 @@ http {
} }
location /soctopus/ { location /soctopus/ {
proxy_pass http://{{ url_base }}:7000/; proxy_pass http://{{ manager_ip }}:7000/;
proxy_read_timeout 90; proxy_read_timeout 90;
proxy_connect_timeout 90; proxy_connect_timeout 90;
proxy_set_header Host $host; proxy_set_header Host $host;
@@ -360,7 +361,7 @@ http {
if ($http_authorization = "") { if ($http_authorization = "") {
return 403; return 403;
} }
proxy_pass http://{{ url_base }}:9822/; proxy_pass http://{{ manager_ip }}:9822/;
proxy_read_timeout 90; proxy_read_timeout 90;
proxy_connect_timeout 90; proxy_connect_timeout 90;
proxy_set_header Host $host; proxy_set_header Host $host;