Channels
doorman
infrastructure
random
zercurity
community-feeds
fleet-dev
code-review
queryhub
apple-silicon
carving
tls
fim
goquery
zentral
aws
querycon
golang
zeek
file-carving
fuzzing
auditing-warroom
linen-dev
fleetosquery
plugins
jobs
arm-architecture
darkbytes
process-auditing
uptycs
android_tests
selfgroup
vendor-feeds
fleet
eclecticiq-polylogyx-extension
ebpf
website
core
general
macos
kolide
osctrl
extensions
foundation
sql
officehours
linux
windows
Title
m
Mystery Incorporated
08/09/2021, 2:31 PMYay I have working nginx conf, I will write a medium post so others can do it too because it needn't be such a mystery
🔎 1
s
Sarah Gillespie
08/09/2021, 3:02 PMZoinks!
😂 1
d
defensivedepth
08/09/2021, 3:30 PMWhat specifically were you working on RE: nginx?
m
Mystery Incorporated
08/09/2021, 4:07 PMsplitting UI and agent traffic, having an LE cert for UI and using my self signed cert using ed448 (for CA) and ed25519 (for server) for the agent api.
All the doco I could find was using old kolide endpoints that don't exist anymore or have been renamed.
Also split the domains so for e.g. ui.fleet.mydomain.com and api.fleet.mydomain.com (didn't use this naming scheme tho) so the UI is accessed on a different domain than the agents use.
This also allows me to set up a honey pot that looks for anything trying to access the api on my UI domain, or anything trying to access the UI on my api domain :)
d
defensivedepth
08/09/2021, 4:14 PMya, I do need to update my post to use the non-kolide endpoints (https://defensivedepth.com/2020/04/02/kolide-fleet-breaking-out-the-osquery-api-web-ui/)
m
Mystery Incorporated
08/10/2021, 12:49 PM@defensivedepth yes yours was my starting point (and I'll reference it so in my article)