09-29-2022 04:06 AM - edited 09-29-2022 04:07 AM
I installed xsoar 6.6 according to the instructions and am using nginx as a front-end. I also configured nginx according to the instructions, but I am connecting to xsoar from nginx via http and port 8080 (as opposed to https/443 as used in the example nginx config).
I created the otc.conf.json file with the initial admin user and restarted the server, but I cannot login.
In the Chrome console, I see this when I open the xsoar page:
light-bundle-1647266668075.js?v=1647266668075:38 WebSocket connection to 'wss://xsoar.example.com/websocket' failed:
Oe @ light-bundle-1647266668075.js?v=1647266668075:38
(anonymous) @ light-bundle-1647266668075.js?v=1647266668075:315
n @ light-bundle-1647266668075.js?v=1647266668075:1
(anonymous) @ light-bundle-1647266668075.js?v=1647266668075:1
(anonymous) @ light-bundle-1647266668075.js?v=1647266668075:1
In the xsoar server.log file, I see these each time I try to login:
2022-09-29 05:51:37.4687 error CSRF values not match (source: /builds/GOPATH/src/code.pan.run/xsoar/server/web/middleware.go:447)
I have no idea what the problem is.
Does anyone have a clue?
01-17-2023 03:42 PM
I figured this out.
If you want to connect to xsoar via http via nginx as a https-terminated reverse proxy, you need to add this line to the first location directive:
proxy_cookie_path / "/; secure";
In the context of a nginx server{} section:
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
listen [::]:443 ssl http2;
listen 443 ssl http2;
server_name xsoar.example.com;
ssl_certificate /etc/ssl/certs/example.com.cert.pem;
ssl_certificate_key /etc/ssl/certs/example.com.key.pem;
ssl_session_cache builtin:1000 shared:SSL:10m;
access_log /var/log/nginx/demisto.access.log;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://localhost:8080;
proxy_read_timeout 90;
proxy_cookie_path / "/; secure";
}
location ~ ^/(acc_\S+/)?(websocket|d1ws|d2ws) {
proxy_pass http://localhost:8080;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header Origin "";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}1. The certificate example is a wildcard cert for *.example.com.
2. The ssl config is handled in the http{} section which is not included here.
3. This assumes xsoar is listening on http port 80.
4. ipv6 and http v2 are also included above.
5. Remember to reload nginx.
The /etc/demisto.conf:
{
"Server": {
"HttpPort": "8080"
},
"container": {
"engine": {
"type": "docker"
}
},
"custom": {
"fields": {
"validate": {
"grid": {
"values": true
}
}
}
},
"db": {
"index": {
"entry": {
"disable": true
}
}
}
}1. Remember to reload demisto.
10-05-2022 03:10 AM
Hi @bchill ,
In order to get better traction for this I'm moving this discussion to the Cortex XSOAR area.
Cheers,
-Kiwi.
10-19-2022 12:35 PM
Update:
The websockets error also comes up when I set up xsoar directly on 443 (i.e. w/o nginx, etc), but logins do work as expected. The CSRF match errors do not show up in the server.log, however. That means that the websockets error is benign and not related. This is clearly about the CSRF matching.
01-17-2023 03:42 PM
I figured this out.
If you want to connect to xsoar via http via nginx as a https-terminated reverse proxy, you need to add this line to the first location directive:
proxy_cookie_path / "/; secure";
In the context of a nginx server{} section:
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
listen [::]:443 ssl http2;
listen 443 ssl http2;
server_name xsoar.example.com;
ssl_certificate /etc/ssl/certs/example.com.cert.pem;
ssl_certificate_key /etc/ssl/certs/example.com.key.pem;
ssl_session_cache builtin:1000 shared:SSL:10m;
access_log /var/log/nginx/demisto.access.log;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://localhost:8080;
proxy_read_timeout 90;
proxy_cookie_path / "/; secure";
}
location ~ ^/(acc_\S+/)?(websocket|d1ws|d2ws) {
proxy_pass http://localhost:8080;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header Origin "";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}1. The certificate example is a wildcard cert for *.example.com.
2. The ssl config is handled in the http{} section which is not included here.
3. This assumes xsoar is listening on http port 80.
4. ipv6 and http v2 are also included above.
5. Remember to reload nginx.
The /etc/demisto.conf:
{
"Server": {
"HttpPort": "8080"
},
"container": {
"engine": {
"type": "docker"
}
},
"custom": {
"fields": {
"validate": {
"grid": {
"values": true
}
}
}
},
"db": {
"index": {
"entry": {
"disable": true
}
}
}
}1. Remember to reload demisto.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
