I'm trying to implement this for oauth:
https://github.com/bitly/google_auth_proxy
Before using that, I tried simple proxying with nginx.
Here is my nginx config which does not work:
server {
listen 443 default ssl;
server_name splunk.mydomain.com;
ssl on;
ssl_certificate /etc/nginx/ssl/wild.mydomain.com.crt;
ssl_certificate_key /etc/nginx/ssl/server.key;
add_header Strict-Transport-Security max-age=1209600;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_connect_timeout 1;
proxy_send_timeout 30;
proxy_read_timeout 30;
proxy_pass http://10.13.5.29:8000/;
}
That doesn't work and seem to direct back to http://splunk.mydomain.com
This is my apache config which works:
<VirtualHost *:80>
ServerName splunk.mydomain.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ProxyPreserveHost On
ProxyPass /cgi-bin !
ProxyPass / http://10.13.5.29:8000/ retry=0
ProxyPassReverse / http://10.13.5.29:8000/ retry=0
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
This is my web.conf file:
[settings]
enableSplunkWebSSL = 0
tools.sessions.timeout = 4320
enable_autocomplete_login = True
tools.proxy.on = True
SSOMode = permissive
tools.proxy.base = http://10.13.5.29:8000
Using splunk 5
Anything I'm doing wrong?
I spent a few hours on this and got this working. I wanted to share as I'm both a fan of NGINX and Splunk. I am using NGINX v1.6.2 and Splunk (on Windows) v6.2.2
Your Site .conf file referenced in nginx.conf
server {
listen <IP-Address-of-NGINX-For-Splunk>:80;
server_name <URL-You-Set-In-DNS-For-Splunk>;
location / {
# Redirect to HTTPS
return 301 https://$server_name$request_uri;
}
}
server {
listen <IP-Address-of-NGINX-For-Splunk>:443 ssl;
server_name <URL-You-Set-In-DNS-For-Splunk>;
#Resolve HTTP Error 414 Request-URI-Too-Large
large_client_header_buffers 6 16k;
#Certificate & Key .PEM Format
ssl_certificate /etc/ssl/<name-of-cert>.crt;
ssl_certificate_key /etc/ssl/<name-of-key>.key;
#PFS
ssl_dhparam /etc/ssl/<name-of-DH-key>.dh;
#HSTS
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
#OSCP
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/ssl/alk-splunk02.oscp;
#CIPHERS
include sites.common;
location / {
proxy_pass_request_headers on;
proxy_set_header x-real-IP $remote_addr;
proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for;
proxy_set_header host $host;
proxy_pass https://<IP-Address-of-Your-Splunk-Server>:8000;
}
}
A+ Rating on SSL Labs provided you have a SHA256 Cert from trusted CA and intermediates provided inside .crt file
This is sites.common:
#OSCP Stapling
resolver <DNS-Server-IP-1-You-Want> <DNS-Server-IP-2-You-Want> valid=300s;
resolver_timeout 5s;
#Cipher Specification and Session Cache
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDH+AESGCM:DH+AESGCM:AES256+EECDH:AES256+EDH:!aNULL';
proxy_ssl_session_reuse off;