for cisagov#551, URL pivot links from dashboards to netbox

nginx/nginx.conf

@@ -142,6 +142,34 @@ http {
       client_max_body_size 50G;
     }
 
+    # netbox
+    location /netbox {
+      include /etc/nginx/nginx_auth_rt.conf;
+      proxy_pass http://netbox;
+      proxy_redirect off;
+      proxy_set_header Host netbox.malcolm.local;
+      proxy_set_header X-Forwarded-Host $http_host;
+      proxy_set_header X-Real-IP $remote_addr;
+      proxy_set_header X-Forwarded-Proto $scheme;
+      proxy_set_header X-Remote-Auth $authenticated_user;
+    }
+    # netbox from dashboards pivot link (because Dashboards is prepending its own prefix, we have to handle it)
+    location ~* ^/dashboards/app/netbox/(.*) {
+      set $forwarded_scheme $scheme;
+      if ($http_x_forwarded_proto = 'https') {
+          set $forwarded_scheme https;
+      }
+      set $fwuri $1;
+      rewrite ^/dashboards/app/netbox/(.*) $forwarded_scheme://$host/netbox/$1 redirect;
+      proxy_pass http://netbox;
+      proxy_redirect off;
+      proxy_set_header Host netbox.malcolm.local;
+      proxy_set_header X-Forwarded-Host $http_host;
+      proxy_set_header X-Real-IP $remote_addr;
+      proxy_set_header X-Forwarded-Proto $scheme;
+      proxy_set_header X-Remote-Auth $authenticated_user;
+    }
+
     # Arkime -> Dashboards shortcut
     location ~* /idark2dash(.*) {
       set $filter_start_time now-1d;
@@ -219,18 +247,6 @@ http {
       proxy_set_header X-Malcolm-Forward "/hh-extracted-files/$1";
     }
 
-    # netbox
-    location /netbox {
-      include /etc/nginx/nginx_auth_rt.conf;
-      proxy_pass http://netbox;
-      proxy_redirect off;
-      proxy_set_header Host netbox.malcolm.local;
-      proxy_set_header X-Forwarded-Host $http_host;
-      proxy_set_header X-Real-IP $remote_addr;
-      proxy_set_header X-Forwarded-Proto $scheme;
-      proxy_set_header X-Remote-Auth $authenticated_user;
-    }
-
     # Fix cyberchef JS module(s)
     # https://localhost/arkime/session/190924-KgO9H30qhdREw7ltsDXn1Rgp/modules/Regex.js
     location ~* ^/arkime/session/.*/(modules/.*\.js) {

nginx/nginx_readonly.conf

@@ -102,6 +102,35 @@ http {
       include /etc/nginx/nginx_idark2dash_rewrite_rt.conf;
     }
 
+    # netbox
+    location /netbox {
+      limit_except GET { deny all; }
+      proxy_pass http://netbox;
+      proxy_redirect off;
+      proxy_set_header Host netbox.malcolm.local;
+      proxy_set_header X-Forwarded-Host $http_host;
+      proxy_set_header X-Real-IP $remote_addr;
+      proxy_set_header X-Forwarded-Proto $scheme;
+      proxy_set_header X-Remote-Auth $authenticated_user;
+    }
+    # netbox from dashboards pivot link (because Dashboards is prepending its own prefix, we have to handle it)
+    location ~* ^/dashboards/app/netbox/(.*) {
+    limit_except GET { deny all; }
+      set $forwarded_scheme $scheme;
+      if ($http_x_forwarded_proto = 'https') {
+          set $forwarded_scheme https;
+      }
+      set $fwuri $1;
+      rewrite ^/dashboards/app/netbox/(.*) $forwarded_scheme://$host/netbox/$1 redirect;
+      proxy_pass http://netbox;
+      proxy_redirect off;
+      proxy_set_header Host netbox.malcolm.local;
+      proxy_set_header X-Forwarded-Host $http_host;
+      proxy_set_header X-Real-IP $remote_addr;
+      proxy_set_header X-Forwarded-Proto $scheme;
+      proxy_set_header X-Remote-Auth $authenticated_user;
+    }
+
     # Dashboards -> Arkime shortcut
     location ~* /iddash2ark/(.*) {
       set $forwarded_scheme $scheme;
@@ -152,18 +181,6 @@ http {
       proxy_set_header X-Malcolm-Forward "/hh-extracted-files/$1";
     }
 
-    # netbox
-    location /netbox {
-      limit_except GET { deny all; }
-      proxy_pass http://netbox;
-      proxy_redirect off;
-      proxy_set_header Host netbox.malcolm.local;
-      proxy_set_header X-Forwarded-Host $http_host;
-      proxy_set_header X-Real-IP $remote_addr;
-      proxy_set_header X-Forwarded-Proto $scheme;
-      proxy_set_header X-Remote-Auth $authenticated_user;
-    }
-
     # favicon, logos, banners, etc.
     include /etc/nginx/nginx_image_aliases.conf;