exclude transient ghcr.io network errors since it retries during setup

do not allow auth redirection to login page or home page; that serves no purpose
2026-02-26 17:05:37 +01:00 · 2026-02-26 10:14:07 -05:00 · 2026-02-25 17:58:35 -05:00
2 changed files with 8 additions and 2 deletions
--- a/salt/nginx/etc/nginx.conf
+++ b/salt/nginx/etc/nginx.conf
@@ -383,12 +383,16 @@ http {
 		location @error401 {
 			if ($request_uri ~* (^/connect/.*|^/oauth2/.*)) {
-				return	  401;
+				return    401;
 			}
 			if ($request_uri ~* ^/(?!(^/api/.*))) {
 				add_header    Set-Cookie "AUTH_REDIRECT=$request_uri;Path=/;Max-Age=14400";
 				add_header    Strict-Transport-Security   "max-age=31536000; includeSubDomains";
 			}
 			if ($request_uri ~* ^/(?!(api/|login|auth|oauth2|$))) {
 				add_header    Set-Cookie "AUTH_REDIRECT=$request_uri;Path=/;Max-Age=14400";
 			}
 			return        302 /auth/self-service/login/browser;
 		}
--- a/setup/so-verify
+++ b/setup/so-verify
@@ -69,6 +69,8 @@ log_has_errors() {
        grep -vE "Running scope as unit" | \
        grep -vE "securityonion-resources/sigma/stable" | \
        grep -vE "remove_failed_vm.sls" | \
        grep -vE "failed to copy: httpReadSeeker" | \
        grep -vE "Error response from daemon: failed to resolve reference" | \
        grep -vE "log-.*-pipeline_failed_attempts" &> "$error_log"
    if [[ $? -eq 0 ]]; then
Author	SHA1	Message	Date
Jason Ertel	039e8db85f	exclude transient ghcr.io network errors since it retries during setup	2026-02-26 10:14:07 -05:00
Jason Ertel	c1c568e94d	do not allow auth redirection to login page or home page; that serves no purpose	2026-02-25 17:58:35 -05:00