diff --git a/salt/nginx/config/ssl.crt b/salt/nginx/config/ssl.crt
new file mode 100644
index 000000000..16878f704
--- /dev/null
+++ b/salt/nginx/config/ssl.crt
@@ -0,0 +1 @@
+# Replace this text with the text from the .crt
\ No newline at end of file
diff --git a/salt/nginx/config/ssl.key b/salt/nginx/config/ssl.key
new file mode 100644
index 000000000..16878f704
--- /dev/null
+++ b/salt/nginx/config/ssl.key
@@ -0,0 +1 @@
+# Replace this text with the text from the .crt
\ No newline at end of file
diff --git a/salt/nginx/defaults.yaml b/salt/nginx/defaults.yaml
new file mode 100644
index 000000000..cf051274b
--- /dev/null
+++ b/salt/nginx/defaults.yaml
@@ -0,0 +1,3 @@
+nginx:
+ config:
+ replace_cert: False
\ No newline at end of file
diff --git a/salt/nginx/etc/nginx.conf b/salt/nginx/etc/nginx.conf
index 623dae701..d09325f0e 100644
--- a/salt/nginx/etc/nginx.conf
+++ b/salt/nginx/etc/nginx.conf
@@ -1,11 +1,5 @@
+{%- from 'vars/globals.map.jinja' import GLOBALS %}
 {%- set role = grains.id.split('_') | last %}
-
-{%- set manager_ip = salt['pillar.get']('global:managerip', '') %}
-{%- set url_base = salt['pillar.get']('global:url_base') %}
-
-{%- set airgap = salt['pillar.get']('global:airgap', 'False') %}
-
-
 worker_processes auto;
 error_log /var/log/nginx/error.log;
 pid /run/nginx.pid;
@@ -42,13 +36,13 @@ http {
 server {
 listen 80 default_server;
 server_name _;
- return 307 https://{{ url_base }}$request_uri;
+ return 307 https://{{ GLOBALS.url_base }}$request_uri;
 }
 server {
 listen 443 ssl http2 default_server;
 server_name _;
- return 307 https://{{ url_base }}$request_uri;
+ return 307 https://{{ GLOBALS.url_base }}$request_uri;
 ssl_certificate "/etc/pki/nginx/server.crt";
 ssl_certificate_key "/etc/pki/nginx/server.key";
@@ -66,7 +60,7 @@ http {
 server {
 listen 7788;
- server_name {{ url_base }};
+ server_name {{ GLOBALS.url_base }};
 root /opt/socore/html/repo;
 location /rules/ {
 allow all;
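Review bot: The placeholder in the new ssl.key still says `.crt`; it was copied from ssl.crt (both new files resolve to the same blob, 16878f704) and should read `# Replace this text with the text from the .key`. Since this path lives in the salt state tree, whatever replaces the placeholder is presumably distributed by the salt file server, so the same comment should say that the real private key must not be committed and that the file is expected to carry restrictive permissions.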
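Review bot: `replace_cert: False` is declared here and surfaced in soc_nginx.yaml, but nothing in this change reads it: the nginx.conf hunk at -42 still points at the fixed `/etc/pki/nginx/server.crt` and `server.key`, and no state in init.sls consumes `ssl__key` or `ssl__crt`. Unless that wiring lands in another change, the toggle is inert and an operator who enables it gets no certificate change. A one-line comment in defaults.yaml naming the state that honours the flag, e.g. `# consumed by <state that installs the operator-supplied cert>`, would make the contract explicit.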
@@ -81,7 +75,7 @@ http {
 server {
 listen 443 ssl http2;
- server_name {{ url_base }};
+ server_name {{ GLOBALS.url_base }};
 root /opt/socore/html;
 index index.html;
@@ -100,7 +94,7 @@ http {
 ssl_protocols TLSv1.2;
 location ~* (^/login/.*|^/js/.*|^/css/.*|^/images/.*) {
- proxy_pass http://{{ manager_ip }}:9822;
+ proxy_pass http://{{ GLOBALS.manager_ip }}:9822;
 proxy_read_timeout 90;
 proxy_connect_timeout 90;
 proxy_set_header x-user-id "";
@@ -117,7 +111,7 @@ http {
 auth_request /auth/sessions/whoami;
 auth_request_set $userid $upstream_http_x_kratos_authenticated_identity_id;
 proxy_set_header x-user-id $userid;
- proxy_pass http://{{ manager_ip }}:9822/;
+ proxy_pass http://{{ GLOBALS.manager_ip }}:9822/;
 proxy_read_timeout 300;
 proxy_connect_timeout 300;
 proxy_set_header Host $host;
@@ -131,7 +125,7 @@ http {
 location ~ ^/auth/.*?(whoami|login|logout|settings) {
 rewrite /auth/(.*) /$1 break;
- proxy_pass http://{{ manager_ip }}:4433;
+ proxy_pass http://{{ GLOBALS.manager_ip }}:4433;
 proxy_read_timeout 90;
 proxy_connect_timeout 90;
 proxy_set_header Host $host;
@@ -188,7 +182,7 @@ http {
 location /grafana/ {
 auth_request /auth/sessions/whoami;
 rewrite /grafana/(.*) /$1 break;
- proxy_pass http://{{ manager_ip }}:3000/;
+ proxy_pass http://{{ GLOBALS.manager_ip }}:3000/;
 proxy_read_timeout 90;
 proxy_connect_timeout 90;
 proxy_set_header Host $host;
@@ -201,7 +195,7 @@ http {
 location /kibana/ {
 auth_request /auth/sessions/whoami;
 rewrite /kibana/(.*) /$1 break;
- proxy_pass http://{{ manager_ip }}:5601/;
+ proxy_pass http://{{ GLOBALS.manager_ip }}:5601/;
 proxy_read_timeout 300;
 proxy_connect_timeout 300;
 proxy_set_header Host $host;
@@ -213,7 +207,7 @@ http {
 location /nodered/ {
 auth_request /auth/sessions/whoami;
- proxy_pass http://{{ manager_ip }}:1880/;
+ proxy_pass http://{{ GLOBALS.manager_ip }}:1880/;
 proxy_read_timeout 90;
 proxy_connect_timeout 90;
 proxy_set_header Host $host;
@@ -227,7 +221,7 @@ http {
 location /playbook/ {
 auth_request /auth/sessions/whoami;
- proxy_pass http://{{ manager_ip }}:3200/playbook/;
+ proxy_pass http://{{ GLOBALS.manager_ip }}:3200/playbook/;
 proxy_read_timeout 90;
 proxy_connect_timeout 90;
 proxy_set_header Host $host;
@@ -240,7 +234,7 @@ http {
 location /soctopus/ {
 auth_request /auth/sessions/whoami;
- proxy_pass http://{{ manager_ip }}:7000/;
+ proxy_pass http://{{ GLOBALS.manager_ip }}:7000/;
 proxy_read_timeout 300;
 proxy_connect_timeout 300;
 proxy_set_header Host $host;
@@ -262,7 +256,7 @@ http {
 if ($http_authorization = "") {
 return 403;
 }
- proxy_pass http://{{ manager_ip }}:9822/;
+ proxy_pass http://{{ GLOBALS.manager_ip }}:9822/;
 proxy_read_timeout 90;
 proxy_connect_timeout 90;
 proxy_set_header x-user-id "";
diff --git a/salt/nginx/init.sls b/salt/nginx/init.sls
index f5791fdd6..122093337 100644
--- a/salt/nginx/init.sls
+++ b/salt/nginx/init.sls
@@ -1,11 +1,7 @@
+{% from 'vars/globals.map.jinja' import GLOBALS %}
 {% from 'allowed_states.map.jinja' import allowed_states %}
 {% if sls in allowed_states %}
-{% set MANAGER = salt['grains.get']('master') %}
-{% set VERSION = salt['pillar.get']('global:soversion') %}
-{% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
-{% set ISAIRGAP = salt['pillar.get']('global:airgap') %}
-
 include:
 - ssl
@@ -85,7 +81,7 @@ navigatorenterpriseattack:
 so-nginx:
 docker_container.running:
- - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-nginx:{{ VERSION }}
+ - image: {{ GLOBALS.manager }}:5000/{{ GLOBALS.image_repo }}/so-nginx:{{ GLOBALS.so_version }}
 - hostname: so-nginx
 - binds:
 - /opt/so/conf/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
@@ -108,9 +104,6 @@ so-nginx:
 - port_bindings:
 - 80:80
 - 443:443
- {% if ISAIRGAP is sameas true %}
- - 7788:7788
- {% endif %}
 - watch:
 - file: nginxconf
 - file: nginxconfdir
diff --git a/salt/nginx/soc_nginx.yaml b/salt/nginx/soc_nginx.yaml
new file mode 100644
index 000000000..3fedc0208
--- /dev/null
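Review bot: In the init.sls hunk at -108 the `7788:7788` port binding is dropped outright instead of being re-gated on the GLOBALS equivalent of the removed `ISAIRGAP` pillar value, while the `listen 7788` repo server block in nginx.conf (hunk -66) is kept unchanged. On an airgap manager the repo listener on 7788 is presumably still needed by other nodes and will no longer be published from the container. If the removal is intentional, a short comment on `- port_bindings:` saying why would help; otherwise keep the three lines behind the airgap flag, `{% if <airgap flag from GLOBALS> %}` / `- 7788:7788` / `{% endif %}`.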
+++ b/salt/nginx/soc_nginx.yaml
@@ -0,0 +1,16 @@
+nginx:
+ config:
+ replace_cert:
+ description: Replace the Security Onion Certigicate with your own?
+ global: True
+ advanced: True
+ ssl__key:
+ description: Paste your .key file here
+ file: True
+ title: SSL Key File
+ advanced: True
+ ssl__crt:
+ description: Paste your .crt file here
+ file: True
+ title: SSL Cert File
+ advanced: True
\ No newline at end of file
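Review bot: `Certigicate` in the replace_cert description is a typo for `Certificate`. The `ssl__key` entry collects a private key through the UI but its description does not say so; `description: Paste the PEM contents of your private .key file here (sensitive material, persisted with the nginx configuration)` would tell the operator what they are submitting and, presumably, where it ends up. `ssl__key` and `ssl__crt` also have no counterpart in defaults.yaml, which only defines `replace_cert`; if an unset value is meant to render as empty, that expectation should be stated.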