5.2 Nginx Configuration Changes

Version

Cb Response 5.2

Topic

This document describes the changes made to /etc/cb/nginx/conf.d/cb.conf, to assist users through the upgrade process.

Changes

The original 5.2 cb.conf file is broken into several configuration files under the includes/ directory. The new cb.conf file is nothing but a set of include statements that merge the individual configuration files:

  1. includes/headers.includes - all common proxy headers.
  2. includes/cb.server.body - all common proxy server configuration, including SSL ciphers/protocol settings.
  3. includes/cb.server.api - proxy server configuration for all UI API endpoints including certificate and key locations to be used for UI communication.
  4. includes/cb.server.sensor - proxy server configuration for all sensor API endpoints, including certificate and key locations.
  5. includes/cb.server.custom - empty placeholder file for customer customizations.
  6. http.conf - redirects requests on port 80 to port 443 (the redirection can be changed here to target a different port).
    Note: The http.conf file is in /etc/cb/nginx/conf.d/, not in the includes directory, and has no include line in cb.conf.

For Standard Configurations (The UI is configured over 443)

Default Configuration

During the upgrade, the server replaces the default cb.conf configuration file with the new one; no changes are needed.

Minor Configuration Changes

  1. If minor changes were made to cb.conf, you can apply the changes below to the original file and rename cb.conf.rpmnew to cb.conf.5.2changes:
    mv /etc/cb/nginx/conf.d/cb.conf.rpmnew /etc/cb/nginx/conf.d/cb.conf.5.2changes
  2. Back up your original configuration file:
    cp /etc/cb/nginx/conf.d/cb.conf /etc/cb/nginx/conf.d/cb.conf.bakDATE
  3. Comment out this line in /etc/cb/nginx/conf.d/cb.conf from:
    listen [::]:80 ipv6only=off;
    To
    #listen [::]:80 ipv6only=off;
    Note: For more information check here: Post Upgrade - Nginx won't start due to duplicate includes in cb.conf and http.conf
  4. Change the custom configuration file location. Make these changes in /etc/cb/nginx/conf.d/cb.conf or multihome.conf:
    Change the include path of the custom configuration file from:
    # Include content of custom server configuration file
    include /etc/cb/nginx/conf.d/cb.server.custom;
    To
    # Include content of custom server configuration file
    include /etc/cb/nginx/conf.d/includes/cb.server.custom;
  5. If you have IPv6 disabled and see the following error in /var/log/cb/nginx/startup.log:

    nginx: [emerg] socket() [::]:80 failed (97: Address family not supported by protocol)

    Comment out this line in /etc/cb/nginx/conf.d/http.conf:

    listen [::]:80 ipv6only=off;

    To

    #listen [::]:80 ipv6only=off;
    Note: For more information check here: Post Install - nginx won't start with (IPv6) Error: Address family not supported by protocol
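
Steps 1 to 4 above can be scripted so that they are repeatable and safe to rerun. The following is an added example, not part of the original article or of Carbon Black's tooling; the function names are hypothetical and the backup suffix uses today's date in place of DATE.

```shell
#!/bin/sh
# Added example; function names are hypothetical, paths come from the article.

# edit_conf FILE SED_ARGS...: edit FILE through a temp copy, then write the
# result back into FILE so its owner and mode are kept.
edit_conf() {
    file=$1; shift
    tmp=$(mktemp) || return 1
    if sed "$@" "$file" > "$tmp"; then cat "$tmp" > "$file"; rc=$?; else rc=1; fi
    rm -f "$tmp"
    return $rc
}

# Steps 3 and 5: comment out the active IPv6 port-80 listener.
# Lines that are already commented do not match, so reruns change nothing.
comment_v6_listen() {
    edit_conf "$1" -e 's|^\([[:space:]]*\)\(listen[[:space:]][[:space:]]*\[::]:80[[:space:];].*\)$|\1#\2|'
}

# Step 4: point the custom include at the includes/ directory.
fix_custom_include() {
    edit_conf "$1" -e 's|^\([[:space:]]*include[[:space:]][[:space:]]*\)/etc/cb/nginx/conf\.d/cb\.server\.custom;|\1/etc/cb/nginx/conf.d/includes/cb.server.custom;|'
}

# Steps 1-4 against cb.conf in DIR (default: the article's conf.d path).
migrate_cb_conf() {
    dir=${1:-/etc/cb/nginx/conf.d}
    conf="$dir/cb.conf"
    [ -f "$conf" ] || { echo "missing $conf" >&2; return 1; }
    if [ -f "$conf.rpmnew" ]; then                       # step 1
        mv "$conf.rpmnew" "$conf.5.2changes" || return 1
    fi
    bak="$conf.bak$(date +%Y%m%d)"                       # step 2
    [ -e "$bak" ] || cp -p "$conf" "$bak" || return 1    # never clobber a backup
    comment_v6_listen "$conf" || return 1                # step 3
    fix_custom_include "$conf"                           # step 4
}
```

For step 5, `comment_v6_listen /etc/cb/nginx/conf.d/http.conf` applies the same edit to http.conf; afterwards check the tail of /var/log/cb/nginx/startup.log for errors.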

For Multihome Configurations (The UI is configured over 8443)

Follow the steps provided in this guide to migrate over to the new multihome format. This allows for easier upgrades in the future:

Migrating to a 5.2 Multihome Configuration File

Important Notes

For more information on upgrades in general check here: Upgrading to a new Cb Response Version

If cb-nginx won't start, check the bottom of /var/log/cb/nginx/startup.log for errors:

tail /var/log/cb/nginx/startup.log

Creation Date:
‎10-12-2016