309 lines
8.6 KiB
Nginx Configuration File
309 lines
8.6 KiB
Nginx Configuration File
# Copyright (c) 2021 Battelle Energy Alliance, LLC. All rights reserved.
|
|
|
|
daemon off;
|
|
|
|
worker_processes 1;
|
|
|
|
events { worker_connections 1024; }
|
|
|
|
http {
|
|
|
|
include /etc/nginx/mime.types;
|
|
sendfile on;
|
|
|
|
client_max_body_size 20m;
|
|
|
|
fastcgi_buffers 16 64k;
|
|
fastcgi_buffer_size 256k;
|
|
fastcgi_read_timeout 300s;
|
|
fastcgi_busy_buffers_size 384k;
|
|
fastcgi_request_buffering off;
|
|
|
|
proxy_connect_timeout 180s;
|
|
proxy_read_timeout 300s;
|
|
proxy_send_timeout 300s;
|
|
proxy_buffer_size 512k;
|
|
proxy_buffers 16 4m;
|
|
proxy_busy_buffers_size 16m;
|
|
|
|
# if LDAP authentication is enabled, this will configure the ldap_server section
|
|
include /etc/nginx/nginx_ldap_rt.conf;
|
|
|
|
upstream docker-arkime {
|
|
server arkime:8005;
|
|
}
|
|
|
|
upstream docker-malcolm-readme {
|
|
server arkime:8000;
|
|
}
|
|
|
|
upstream docker-upload {
|
|
server upload:80;
|
|
}
|
|
|
|
upstream docker-htadmin {
|
|
server htadmin:80;
|
|
}
|
|
|
|
upstream docker-kibana {
|
|
server kibana:5601;
|
|
}
|
|
|
|
upstream docker-kibana-maps {
|
|
server kibana-helper:28991;
|
|
}
|
|
|
|
upstream docker-elasticsearch {
|
|
server elasticsearch:9200;
|
|
}
|
|
|
|
upstream docker-logstash-stats {
|
|
server logstash:9600;
|
|
}
|
|
|
|
upstream docker-name-map-ui {
|
|
server name-map-ui:8080;
|
|
}
|
|
|
|
upstream docker-extracted-file-http-server {
|
|
server file-monitor:8440;
|
|
}
|
|
|
|
# htadmin (htpasswd/user management)
|
|
server {
|
|
listen 488 ssl;
|
|
ssl_certificate /etc/nginx/certs/cert.pem;
|
|
ssl_certificate_key /etc/nginx/certs/key.pem;
|
|
|
|
location / {
|
|
proxy_pass http://docker-htadmin;
|
|
proxy_redirect off;
|
|
proxy_set_header Host htadmin.malcolm.local;
|
|
}
|
|
}
|
|
|
|
# Arkime interface
|
|
server {
|
|
listen 443 ssl;
|
|
ssl_certificate /etc/nginx/certs/cert.pem;
|
|
ssl_certificate_key /etc/nginx/certs/key.pem;
|
|
|
|
# use either auth_basic or auth_ldap
|
|
include /etc/nginx/nginx_auth_rt.conf;
|
|
|
|
# Malcolm readme
|
|
location /readme {
|
|
proxy_pass http://docker-malcolm-readme/README.html;
|
|
proxy_redirect off;
|
|
proxy_set_header Host arkime.malcolm.local;
|
|
}
|
|
|
|
# Malcolm file upload
|
|
location /upload {
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Connection "";
|
|
proxy_pass http://docker-upload/;
|
|
proxy_redirect off;
|
|
proxy_set_header Host upload.malcolm.local;
|
|
proxy_request_buffering off;
|
|
proxy_buffering off;
|
|
client_max_body_size 20G;
|
|
}
|
|
location /server/php {
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Connection "";
|
|
proxy_pass http://docker-upload/server/php/;
|
|
proxy_redirect off;
|
|
proxy_set_header Host upload.malcolm.local;
|
|
proxy_request_buffering off;
|
|
proxy_buffering off;
|
|
client_max_body_size 20G;
|
|
}
|
|
|
|
# Logstash statistics
|
|
location ~* ^/logstash\b(.*) {
|
|
proxy_pass http://docker-logstash-stats/_node/stats$1;
|
|
proxy_redirect off;
|
|
proxy_set_header Host arkime.malcolm.local;
|
|
}
|
|
|
|
# Arkime -> Kibana shortcut
|
|
location ~* ^/idmol2kib(.*) {
|
|
|
|
set $filter_start_time now-1d;
|
|
if ($arg_start != '') {
|
|
set $filter_start_time \'$arg_start\';
|
|
}
|
|
|
|
set $filter_stop_time now;
|
|
if ($arg_stop != '') {
|
|
set $filter_stop_time \'$arg_stop\';
|
|
}
|
|
|
|
set $filter_field undefined;
|
|
if ($arg_field != '') {
|
|
set $filter_field $arg_field;
|
|
}
|
|
|
|
set $filter_value undefined;
|
|
if ($arg_value != '') {
|
|
set $filter_value $arg_value;
|
|
}
|
|
|
|
rewrite ^/idmol2kib/(.*) /kibana/app/discover#/?_g=(refreshInterval:(pause:!t,value:0),time:(from:$filter_start_time,mode:absolute,to:$filter_stop_time))&_a=(columns:!(_source),filters:!((meta:(alias:!n,disabled:!f,index:'sessions2-*',key:$filter_field,negate:!f,params:(query:'$filter_value',type:phrase),type:phrase,value:'$filter_value'),query:(match:($filter_field:(query:'$filter_value',type:phrase))))),index:'sessions2-*',interval:auto,query:(language:lucene,query:''),sort:!(firstPacket,desc)) redirect;
|
|
proxy_pass http://docker-kibana;
|
|
proxy_redirect off;
|
|
proxy_set_header Host kibana.malcolm.local;
|
|
}
|
|
|
|
# Kibana -> Arkime shortcut
|
|
location ~* /idkib2mol/(.*) {
|
|
rewrite ^.*/idkib2mol/(.*) /sessions?expression=($1) redirect;
|
|
proxy_pass http://docker-arkime;
|
|
proxy_redirect off;
|
|
proxy_set_header Host arkime.malcolm.local;
|
|
proxy_set_header http_auth_http_user $remote_user;
|
|
proxy_set_header Authorization "";
|
|
}
|
|
|
|
# Kibana/Arkime -> extracted file download
|
|
location ~* /dl-extracted-files/(.*) {
|
|
rewrite ^.*/dl-extracted-files/(.*) /extracted-files/$1 redirect;
|
|
proxy_pass http://docker-extracted-file-http-server;
|
|
proxy_redirect off;
|
|
proxy_set_header Host file-monitor.malcolm.local;
|
|
}
|
|
|
|
# already prepended /kibana to match the server.basePath in kibana's YML config file
|
|
location /kibana {
|
|
proxy_pass http://docker-kibana;
|
|
proxy_redirect off;
|
|
proxy_set_header Host kibana.malcolm.local;
|
|
}
|
|
|
|
# otherwise (from old kibana bookmarks), prepend /kibana to match the server.basePath in kibana's YML config file
|
|
location /app {
|
|
proxy_pass http://docker-kibana/kibana/app;
|
|
proxy_redirect off;
|
|
proxy_set_header Host kibana.malcolm.local;
|
|
}
|
|
|
|
# offline region maps for kibana
|
|
location /world.geojson {
|
|
proxy_pass http://docker-kibana-maps;
|
|
proxy_redirect off;
|
|
proxy_set_header Host kibana-helper.malcolm.local;
|
|
}
|
|
|
|
# name-map-ui (UI for mapping names to network hosts and subnets)
|
|
location /name-map-ui {
|
|
proxy_pass http://docker-name-map-ui/;
|
|
proxy_redirect off;
|
|
proxy_set_header Host name-map-ui.malcolm.local;
|
|
proxy_cache off;
|
|
}
|
|
|
|
location ~* ^/extracted-files\b(.*) {
|
|
proxy_pass http://docker-extracted-file-http-server$1;
|
|
proxy_redirect off;
|
|
proxy_set_header Host file-monitor.malcolm.local;
|
|
}
|
|
|
|
location = /favicon.ico {
|
|
alias /etc/nginx/favicon.ico;
|
|
}
|
|
|
|
# Fix cyberchef JS module(s)
|
|
# https://localhost/moloch/session/190924-KgO9H30qhdREw7ltsDXn1Rgp/modules/Regex.js
|
|
location ~* ^/moloch/session/.*/(modules/.*\.js) {
|
|
proxy_hide_header Content-Type;
|
|
proxy_set_header Content-Type "application/javascript";
|
|
add_header Content-Type "application/javascript";
|
|
default_type application/javascript;
|
|
add_header X-Content-Type-Options 'nosniff';
|
|
proxy_pass http://docker-arkime/cyberchef/$1;
|
|
proxy_redirect off;
|
|
proxy_set_header Host arkime.malcolm.local;
|
|
proxy_set_header http_auth_http_user $remote_user;
|
|
proxy_set_header Authorization "";
|
|
}
|
|
|
|
location / {
|
|
proxy_pass http://docker-arkime;
|
|
proxy_redirect off;
|
|
proxy_set_header Host arkime.malcolm.local;
|
|
proxy_set_header http_auth_http_user $remote_user;
|
|
proxy_set_header Authorization "";
|
|
}
|
|
}
|
|
|
|
# Kibana interface
|
|
server {
|
|
listen 5601 ssl;
|
|
ssl_certificate /etc/nginx/certs/cert.pem;
|
|
ssl_certificate_key /etc/nginx/certs/key.pem;
|
|
|
|
# use either auth_basic or auth_ldap
|
|
include /etc/nginx/nginx_auth_rt.conf;
|
|
|
|
location = /favicon.ico {
|
|
alias /etc/nginx/favicon.ico;
|
|
}
|
|
|
|
# Kibana -> Arkime shortcut
|
|
location ~* /idkib2mol/(.*) {
|
|
rewrite ^.*/idkib2mol/(.*) /sessions?expression=($1) redirect;
|
|
proxy_pass http://docker-arkime;
|
|
proxy_redirect off;
|
|
proxy_set_header Host arkime.malcolm.local;
|
|
proxy_set_header http_auth_http_user $remote_user;
|
|
proxy_set_header Authorization "";
|
|
}
|
|
|
|
# Kibana -> extracted file download
|
|
location ~* /dl-extracted-files/(.*) {
|
|
rewrite ^.*/dl-extracted-files/(.*) /extracted-files/$1 redirect;
|
|
proxy_pass http://docker-extracted-file-http-server;
|
|
proxy_redirect off;
|
|
proxy_set_header Host file-monitor.malcolm.local;
|
|
}
|
|
|
|
# already prepended /kibana to match the server.basePath in kibana's YML config file
|
|
location /kibana {
|
|
proxy_pass http://docker-kibana;
|
|
proxy_redirect off;
|
|
proxy_set_header Host kibana.malcolm.local;
|
|
}
|
|
|
|
# otherwise prepend /kibana to match the server.basePath in kibana's YML config file
|
|
location / {
|
|
rewrite ^/(.*) /kibana/$1;
|
|
proxy_pass http://docker-kibana;
|
|
proxy_redirect off;
|
|
proxy_set_header Host kibana.malcolm.local;
|
|
}
|
|
}
|
|
|
|
# Elasticsearch API
|
|
server {
|
|
listen 9200 ssl;
|
|
ssl_certificate /etc/nginx/certs/cert.pem;
|
|
ssl_certificate_key /etc/nginx/certs/key.pem;
|
|
|
|
# use either auth_basic or auth_ldap
|
|
include /etc/nginx/nginx_auth_rt.conf;
|
|
|
|
location = /favicon.ico {
|
|
alias /etc/nginx/favicon.ico;
|
|
}
|
|
|
|
location / {
|
|
proxy_pass http://docker-elasticsearch;
|
|
proxy_redirect off;
|
|
proxy_set_header Host es.malcolm.local;
|
|
client_max_body_size 50m;
|
|
}
|
|
}
|
|
|
|
}
|