CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1738 from Security-Onion-Solutions/bugfix/nginx-redirect

Browse Source 
Bugfix/nginx redirect
This commit is contained in:
William Wernert
2020-10-29 14:33:38 -04:00
committed by GitHub
parent b14c1d0999 91221c4332
commit b489fee8b5
9 changed files with 45 additions and 42 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
salt/nginx/etc/nginx.conf
View File

@@ -4,6 +4,7 @@
{% set main_ip = salt['grains.get']('ip_interfaces:' ~ mainint)[0] %}
{%- endif %}
{%- set manager_ip = salt['pillar.get']('manager:mainip', '') %}
{%- set url_base = salt['pillar.get']('global:url_base') %}
{%- set fleet_manager = salt['pillar.get']('global:fleet_manager') %}
@@ -61,7 +62,7 @@ http {
{%- if role == 'fleet' %}
grpc_pass grpcs://{{ main_ip }}:8080;
{%- else %}
grpc_pass grpcs://{{ url_base }}:8080;
grpc_pass grpcs://{{ manager_ip }}:8080;
{%- endif %}
grpc_set_header Host $host;
grpc_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
@@ -158,7 +159,7 @@ http {
ssl_protocols TLSv1.2;
location ~* (^/login/|^/js/.*|^/css/.*|^/images/.*) {
proxy_pass http://{{ url_base }}:9822;
proxy_pass http://{{ manager_ip }}:9822;
proxy_read_timeout 90;
proxy_connect_timeout 90;
proxy_set_header Host $host;
@@ -172,7 +173,7 @@ http {
location / {
auth_request /auth/sessions/whoami;
proxy_pass http://{{ url_base }}:9822/;
proxy_pass http://{{ manager_ip }}:9822/;
proxy_read_timeout 90;
proxy_connect_timeout 90;
proxy_set_header Host $host;
@@ -186,7 +187,7 @@ http {
location ~ ^/auth/.*?(whoami|login|logout|settings) {
rewrite /auth/(.*) /$1 break;
proxy_pass http://{{ url_base }}:4433;
proxy_pass http://{{ manager_ip }}:4433;
proxy_read_timeout 90;
proxy_connect_timeout 90;
proxy_set_header Host $host;
@@ -245,7 +246,7 @@ http {
location /grafana/ {
auth_request /auth/sessions/whoami;
rewrite /grafana/(.*) /$1 break;
proxy_pass http://{{ url_base }}:3000/;
proxy_pass http://{{ manager_ip }}:3000/;
proxy_read_timeout 90;
proxy_connect_timeout 90;
proxy_set_header Host $host;
@@ -258,7 +259,7 @@ http {
location /kibana/ {
auth_request /auth/sessions/whoami;
rewrite /kibana/(.*) /$1 break;
proxy_pass http://{{ url_base }}:5601/;
proxy_pass http://{{ manager_ip }}:5601/;
proxy_read_timeout 90;
proxy_connect_timeout 90;
proxy_set_header Host $host;
@@ -269,7 +270,7 @@ http {
}
location /nodered/ {
proxy_pass http://{{ url_base }}:1880/;
proxy_pass http://{{ manager_ip }}:1880/;
proxy_read_timeout 90;
proxy_connect_timeout 90;
proxy_set_header Host $host;
@@ -282,7 +283,7 @@ http {
}
location /playbook/ {
proxy_pass http://{{ url_base }}:3200/playbook/;
proxy_pass http://{{ manager_ip }}:3200/playbook/;
proxy_read_timeout 90;
proxy_connect_timeout 90;
proxy_set_header Host $host;
@@ -301,7 +302,7 @@ http {
{%- else %}
location /fleet/ {
proxy_pass https://{{ url_base }}:8080;
proxy_pass https://{{ manager_ip }}:8080;
proxy_read_timeout 90;
proxy_connect_timeout 90;
proxy_set_header Host $host;
@@ -314,7 +315,7 @@ http {
{%- endif %}
location /thehive/ {
proxy_pass http://{{ url_base }}:9000/thehive/;
proxy_pass http://{{ manager_ip }}:9000/thehive/;
proxy_read_timeout 90;
proxy_connect_timeout 90;
proxy_http_version 1.1; # this is essential for chunked responses to work
@@ -326,7 +327,7 @@ http {
}
location /cortex/ {
proxy_pass http://{{ url_base }}:9001/cortex/;
proxy_pass http://{{ manager_ip }}:9001/cortex/;
proxy_read_timeout 90;
proxy_connect_timeout 90;
proxy_http_version 1.1; # this is essential for chunked responses to work
@@ -338,7 +339,7 @@ http {
}
location /soctopus/ {
proxy_pass http://{{ url_base }}:7000/;
proxy_pass http://{{ manager_ip }}:7000/;
proxy_read_timeout 90;
proxy_connect_timeout 90;
proxy_set_header Host $host;
@@ -364,7 +365,7 @@ http {
if ($http_authorization = "") {
return 403;
}
proxy_pass http://{{ url_base }}:9822/;
proxy_pass http://{{ manager_ip }}:9822/;
proxy_read_timeout 90;
proxy_connect_timeout 90;
proxy_set_header Host $host;