Merge pull request #304 from alcastronic/add-bloodhound-community
Add bloodhound community
Showing
9 changed files
with
274 additions
and
11 deletions.
@@ -0,0 +1,30 @@ | ||
{ | ||
"version": 1, | ||
"bind_addr": "0.0.0.0:8080", | ||
"metrics_port": ":2112", | ||
"root_url": "http://127.0.0.1:8080/", | ||
"work_dir": "/opt/bloodhound/work", | ||
"log_level": "INFO", | ||
"log_path": "bloodhound.log", | ||
"features": { | ||
"enable_auth": true | ||
}, | ||
"tls": { | ||
"cert_file": "", | ||
"key_file": "" | ||
}, | ||
"database": { | ||
"connection": "user=bloodhound password={{PGSQL_PASSWORD}} dbname=bloodhound host=redelk-bloodhound-postgres" | ||
}, | ||
"neo4j": { | ||
"connection": "neo4j://neo4j:{{NEO4J_PASSWORD}}@redelk-bloodhound-neo4j:7687/" | ||
}, | ||
"collectors_base_path": "/etc/bloodhound/collectors", | ||
"default_admin": { | ||
"principal_name": "admin", | ||
"password": "{{BLOODHOUND_PASSWORD}}", | ||
"first_name": "Bloodhound", | ||
"last_name": "Admin", | ||
"email_address": "{{BLOODHOUND_ADMIN_EMAIL}}" | ||
} | ||
} |
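Review bot: The rendered config carries three clear-text secrets — the `{{PGSQL_PASSWORD}}` connection string on line 41, the neo4j URL with `{{NEO4J_PASSWORD}}` on line 44 and the `default_admin` password on line 49 — so whatever renders this template should write the result with owner-only permissions and keep the rendered file out of the repository and out of image layers. If a placeholder is left unsubstituted, the literal `{{...}}` text silently becomes the credential and the service still starts; a post-render check that no `{{` survives in the file would catch that. `root_url` is `http://127.0.0.1:8080/` while the app is published through the TLS reverse proxy on 8443, so if BloodHound uses this value for absolute links or redirects it presumably needs the external HTTPS URL — worth confirming against the upstream docs. A short comment in the template's README stating where the file is rendered and how the placeholders are filled would help the next maintainer.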
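--- a/elkserver/mounts/nginx-config/full.bloodhound-conf.template
+++ b/elkserver/mounts/nginx-config/full.bloodhound-conf.template
@@ -0,0 +1,62 @@
+upstream bloodhound_app {
+server redelk-bloodhound-app:8080;
+}
+
+server {
+listen 8443 ssl http2;
+
+#server_name ${EXTERNAL_DOMAIN};
+server_tokens off;
+
+root /var/www/html;
+#auth_basic "Restricted Access";
+#auth_basic_user_file /etc/nginx/conf.d/htpasswd.users;
+index index.html index.htm;
+autoindex on;
+
+ssl_certificate ${TLS_NGINX_CRT_PATH};
+ssl_certificate_key ${TLS_NGINX_KEY_PATH};
+ssl_session_timeout 1d;
+ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
+ssl_session_tickets off;
+
+# intermediate configuration
+ssl_protocols TLSv1.2 TLSv1.3;
+ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+ssl_prefer_server_ciphers off;
+
+ssl_dhparam /etc/nginx/conf.d/ssl-dhparams.pem;
+
+# HSTS (ngx_http_headers_module is required) (63072000 seconds)
+add_header Strict-Transport-Security "max-age=63072000" always;
+
+# OCSP stapling
+#ssl_stapling on;
+#ssl_stapling_verify on;
+
+# verify chain of trust of OCSP response using Root CA and Intermediate certs
+ssl_trusted_certificate ${TLS_NGINX_CA_PATH};
+
+location / {
+#auth_basic "Restricted Access";
+#auth_basic_user_file /etc/nginx/conf.d/htpasswd.users;
+
+
+proxy_pass http://bloodhound_app;
+proxy_set_header Host $host;
+
+# Proxy headers
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection $connection_upgrade;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header X-Forwarded-Host $host;
+proxy_set_header X-Forwarded-Port $server_port;
+
+# Proxy timeouts
+proxy_connect_timeout 60s;
+proxy_send_timeout 60s;
+proxy_read_timeout 60s;
+}
+}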
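Review bot: `proxy_set_header Connection $connection_upgrade;` references a variable that nothing in this file defines; unless a `map $http_upgrade $connection_upgrade { default upgrade; "" close; }` already exists in the enclosing http context, nginx will refuse to load the configuration with an unknown-variable error. Since `map` is only valid at http level, it belongs in the base nginx.conf or a separate conf.d snippet rather than in this server block, and a comment such as `# requires map $http_upgrade $connection_upgrade in the http context` on the line above would make the dependency visible. Separately, `autoindex on;` together with `root /var/www/html;` turns on directory listings for a tree that every request is currently proxied past; dropping `autoindex` (and the unused `index` line) removes a listing that would become reachable the moment `location /` is narrowed or a second location is added. The commented-out `server_name ${EXTERNAL_DOMAIN};` leaves this as the default server for port 8443, which is presumably intended here but worth stating in a comment.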
@@ -1,6 +1,6 @@ | ||
|
||
upstream neo4j_bolt { | ||
server redelk-bloodhound:7687; | ||
server redelk-bloodhound-neo4j:7687; | ||
} | ||
|
||
server { | ||
|