nginx: enabled: description: Enables or disables the Nginx web server and reverse proxy. WARNING - Disabling this process will prevent access to SOC and other important web interfaces and APIs. Re-enabling the process is a manual effort. Do not change this setting without instruction from Security Onion support. forcedType: bool advanced: True helpLink: nginx external_suricata: description: Enable this to allow external access to Suricata Rulesets managed by Detections. advanced: True helpLink: nginx forcedType: bool ssl: replace_cert: description: Enable this if you would like to replace the Security Onion Certificate with your own. global: True advanced: True forcedType: bool title: Replace Default Cert helpLink: nginx ssl__key: description: If you enabled the replace_cert option, paste the contents of your .key file here. file: True title: SSL/TLS Key File advanced: True global: True helpLink: nginx ssl__crt: description: If you enabled the replace_cert option, paste the contents of your .crt file here. file: True title: SSL/TLS Cert File advanced: True global: True helpLink: nginx alt_names: description: Provide a list of alternate names to allow remote systems the ability to refer to the SOC API as another hostname. global: True forcedType: '[]string' multiline: True helpLink: nginx config: throttle_login_burst: description: Number of login requests that can burst without triggering request throttling. Higher values allow more repeated login attempts. Values greater than zero are required in order to provide a usable login flow. global: True helpLink: nginx throttle_login_rate: description: Number of login API requests per minute that can be processed without triggering a rate limit. Higher values allow more repeated login attempts. Requests are counted by unique client IP and averaged over time. Note that a single login flow will perform multiple requests to the login API, so this value will need to be adjusted accordingly. global: True helpLink: nginx