Hello,
I am using Splunk with Nginx as a proxy. I am connecting to Splunk using SSL.
I would like to set up custom error pages depending on the connection: no certificate sent, untrusted certificate...
I am guessing this has to do with Nginx, not with Splunk. But I noticed that Splunk web has a few parameters such as:
ssoAuthFailureRedirect on /Documentation/Splunk/latest/Admin/Webconf
Right now, my web.conf looks like this:
[settings]
enableSplunkWebSSL = false
startwebserver = true
tools.proxy.on = true
tools.proxy.base = https://mywebsite.mydomain.com
ssoAuthFailureRedirect = /usr/share/nginx/html/405.html
remoteUser = X-Remote-User
SSOMode = strict
trustedIP = 127.0.0.1
sslVersions = tls
And my Nginx configuration:
server {
listen 443 ssl spdy default_server;
server_name myserver.mydomain.com;
ssl_certificate /etc/nginx/certs/server.crt;
ssl_certificate_key /etc/nginx/certs/server.key;
ssl_client_certificate /etc/nginx/certs/trusted_cas.pem;
ssl_verify_client on;
ssl_crl /etc/nginx/certs/crl.pem;
ssl_verify_depth 3;
ssl_protocols TLSv1.2;
ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:!ADH:!AECDH:!MD5:!CAMELLIA:!SEED;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:2m;
ssl_session_timeout 10m;
ssl_session_tickets on;
add_header Strict-Transport-Security "max-age=31536000";
root /usr/share/nginx/html;
error_page 400 405 495 496 497 /4xx.html;
location = /4xx.html {
root /usr/share/nginx/html;
internal;
}
location / {
if ($ssl_client_verify != SUCCESS) {
return 495;
}
proxy_pass http://splunk;
proxy_intercept_errors on;
proxy_set_header X-Remote-User $username;
proxy_set_header X_Remote_User $username;
proxy_set_header X-SSL-Client-Serial $ssl_client_serial;
proxy_set_header X-SSL-Client-Verify $ssl_client_verify;
proxy_set_header X-SSL-Client-S-DN $ssl_client_s_dn;
proxy_set_header X-SSL-Client-S-DN-CN $username;
}
proxy_intercept_errors on; should allow me to manage errors from Nginx, instead of Splunk.
What the best way to manage error pages for login failures please?
Thanks a lot
↧