Configure NGINX on an Engine

Cortex XSIAM Administrator Guide

Product: Cortex XSIAM
Creation date: 2024-07-16
Last date published: 2024-12-02
Category: Administrator Guide
Abstract: Configure NGINX on a Cortex XSIAM engine.

Follow these instructions to configure NGINX on an engine.

  1. Open the following NGINX configuration file with your preferred editor:

    /etc/nginx/conf.d/demisto.conf

  2. Use the following configuration template:

    Replace DEMISTO_ENGINE with the appropriate hostname.

    # Replace DEMISTO_ENGINE with the appropriate hostname. If needed, change port 443 to the port on which the engine is listening.
    
    upstream demisto {
        server DEMISTO_ENGINE:443;
    }
    
    # Uncomment to redirect http to https (optional)
    # server {
    #     listen 80;
    #     return 301 https://$host$request_uri;
    # }
    
    server {
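        # Change the port if you want NGINX to listen on a different port.
        # The "ssl" parameter enables TLS on this listener; it replaces the
        # standalone "ssl on;" directive, which was removed in nginx 1.25.1.
        listen 443 ssl;
        
        ssl_certificate           /etc/nginx/cert.crt;
        ssl_certificate_key       /etc/nginx/cert.key;
    
        ssl_session_cache  builtin:1000  shared:SSL:10m;
        # TLS 1.0 and 1.1 are deprecated (RFC 8996). TLSv1.3 requires
        # nginx 1.13.0+ built with OpenSSL 1.1.1+.
        ssl_protocols  TLSv1.2 TLSv1.3;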
        ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
        ssl_prefer_server_ciphers on;
    
        access_log            /var/log/nginx/demisto.access.log;
    
        location / {
    
          proxy_set_header        Host $host;
          proxy_set_header        X-Real-IP $remote_addr;
          proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header        X-Forwarded-Proto $scheme;
    
          proxy_pass          https://demisto;
          proxy_read_timeout  90;
        }
    
        location ~ ^/(websocket|d1ws|d2ws) {
            proxy_pass https://demisto;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_set_header Host $host;
            proxy_set_header Origin "";
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }

  3. Restart the NGINX server by typing the following command:

    sudo service nginx restart

  4. Verify you can access the engine by browsing to the NGINX server host.
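
A pre-restart check for steps 2 and 3, as an added example that is not part of the vendor guide: the shell function below lints an edited copy of the template for a leftover DEMISTO_ENGINE placeholder, the standalone `ssl on;` directive (removed in nginx 1.25.1), legacy protocol versions in `ssl_protocols`, and a certificate with no TLS-enabled listener. The function name `lint_demisto_conf` and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example (not vendor code): lint an edited copy of the demisto.conf
# template. Prints one finding per line; exit status = number of findings.
lint_demisto_conf() {
    conf=$1
    findings=0
    report() { echo "$conf: $1"; findings=$((findings + 1)); }
    has() { printf '%s\n' "$active" | grep -Eq "$1"; }
    [ -r "$conf" ] || { report "cannot read file"; return "$findings"; }
    # Strip comments so commented-out directives and hint lines are ignored.
    active=$(sed 's/#.*//' "$conf")

    has 'DEMISTO_ENGINE' &&
        report "placeholder DEMISTO_ENGINE not replaced with the engine hostname"
    has '^[[:space:]]*ssl[[:space:]]+on[[:space:]]*;' &&
        report "'ssl on;' was removed in nginx 1.25.1; use 'listen 443 ssl;'"
    has '^[[:space:]]*ssl_protocols[^;]*(SSLv3|TLSv1([[:space:];]|\.1))' &&
        report "ssl_protocols enables SSLv3, TLS 1.0 or TLS 1.1"
    # File-level check, enough for this single-server template: a certificate
    # is configured but nothing turns TLS on, so the port would speak plain HTTP.
    if has '^[[:space:]]*ssl_certificate[[:space:]]' &&
       ! has '^[[:space:]]*listen[[:space:]][^;]*[[:space:]]ssl[[:space:];]' &&
       ! has '^[[:space:]]*ssl[[:space:]]+on[[:space:]]*;'; then
        report "certificate configured but no 'listen ... ssl;' directive"
    fi
    return "$findings"
}

# Constructed sample: an unedited copy that still carries legacy TLS settings.
sample=$(mktemp)
cat > "$sample" <<'EOF'
upstream demisto { server DEMISTO_ENGINE:443; }
server {
    listen 443;
    ssl_certificate     /etc/nginx/cert.crt;
    ssl_certificate_key /etc/nginx/cert.key;
    ssl on;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}
EOF
lint_demisto_conf "$sample" || echo "findings: $?"
rm -f "$sample"
```

Run the function against `/etc/nginx/conf.d/demisto.conf`, then run `sudo nginx -t` so NGINX itself parses the configuration before the restart in step 3.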