Abstract
Configure NGINX on a Cortex XSIAM engine.
Follow these instructions to configure NGINX on an engine.
Open the following NGINX configuration file with your preferred editor:
/etc/nginx/conf.d/demisto.conf
Use the following configuration template:
Replace
DEMISTO_ENGINE
with the appropriate hostname.# Replace DEMISTO_ENGINE with the appropriate hostname. If needed, change port 443 to the port on which the engine is listening. upstream demisto { server DEMISTO_ENGINE:443; } # Uncomment to redirect http to https (optional) # server { # listen 80; # return 301 https://$host$request_uri; # } server { # Change the port if you want NGINX to listen on a different port listen 443; ssl_certificate /etc/nginx/cert.crt; ssl_certificate_key /etc/nginx/cert.key; ssl on; ssl_session_cache builtin:1000 shared:SSL:10m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4; ssl_prefer_server_ciphers on; access_log /var/log/nginx/demisto.access.log; location / { proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_pass https://demisto; proxy_read_timeout 90; } location ~ ^/(websocket|d1ws|d2ws) { proxy_pass https://demisto; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header Host $host; proxy_set_header Origin ""; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } }
Restart the NGINX server, by typing the following command:
sudo service nginx restart
Verify you can access the engine by browsing to the NGINX server host.