These config is using luascripting. So you have to compile nginx with luascripting.
Or if you are using install with apt:
sudo apt-get install nginx nginx-extras
-
-
Save bwbaugh/ae1be56db50619a3b495 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
user www-data; | |
worker_processes 1; | |
pid /var/run/nginx.pid; | |
events { | |
worker_connections 1024; | |
} | |
http { | |
sendfile on; | |
tcp_nopush on; | |
tcp_nodelay on; | |
keepalive_timeout 65; | |
types_hash_max_size 2048; | |
server_tokens off; | |
server_names_hash_bucket_size 32; | |
include /etc/nginx/mime.types; | |
default_type application/octet-stream; | |
access_log /var/log/nginx/access.log; | |
error_log /var/log/nginx/error.log; | |
gzip on; | |
gzip_disable "msie6"; | |
# elasticsearch reverse proxy | |
server { | |
listen 5200; | |
server_name elasticsearch.frontend; | |
location / { | |
proxy_pass <address of elasticsearch, eg: http://127.0.0.1:9200, you have to set elasticsearch not to listen on every address by setting netword.bind_host: 127.0.0.1, see more: http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/modules-network.html>; | |
proxy_set_header X-Real-IP $remote_addr; | |
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
proxy_set_header X-Forwarded-Proto $scheme; | |
proxy_set_header X-Forwarded-Server $host; | |
proxy_set_header X-Forwarded-Host $host; | |
proxy_set_header Host $host; | |
# this is one the tricks, we should hide elasticsearch's header, | |
# because it returns asterisk which isnt allowed in cors request with authorization | |
proxy_hide_header 'Access-Control-Allow-Origin'; | |
add_header 'Access-Control-Allow-Origin' '<url of grafana>'; | |
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE'; | |
add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type'; | |
add_header 'Access-Control-Allow-Credentials' 'true'; | |
if ($request_method = 'OPTIONS' ) { | |
# if request method is options we immediately return with 200 OK. | |
return 200; | |
} | |
# here comes the basic auth, after the options part | |
auth_basic 'Restricted'; | |
auth_basic_user_file <htpasswd file location>; | |
# trick number two: elasticsearch rest api follows rest conventions, so it returns on | |
# first save 201 Created response, but in cors it's not allowed | |
# we are resetting status to 200 if it's 201 using lua | |
header_filter_by_lua " | |
if ngx.status == 201 then | |
ngx.status = ngx.HTTP_OK | |
end | |
"; | |
} | |
} | |
# grafana hosting | |
server { | |
listen 5100; | |
auth_basic 'Restricted'; | |
auth_basic_user_file <location of htpasswd file>; | |
location / { | |
root <location of grafana src>; | |
} | |
} | |
# graphite reverse proxy | |
server { | |
listen 5000; | |
server_name graphite.frontend; | |
location / { | |
proxy_pass <address of graphite, eg: http://127.0.0.1:8000>; | |
proxy_set_header X-Real-IP $remote_addr; | |
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
proxy_set_header X-Forwarded-Proto $scheme; | |
proxy_set_header X-Forwarded-Server $host; | |
proxy_set_header X-Forwarded-Host $host; | |
proxy_set_header Host $host; | |
add_header 'Access-Control-Allow-Origin' '<url of grafana>'; | |
add_header 'Access-Control-Allow-Methods' 'GET, POST'; | |
add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type'; | |
add_header 'Access-Control-Allow-Credentials' 'true'; | |
if ($request_method = 'OPTIONS' ) { | |
# if request method is options we immediately return with 200 OK. | |
return 200; | |
} | |
# here comes the basic auth, after the options part | |
auth_basic 'Restricted'; | |
auth_basic_user_file <htpasswd file location>; | |
} | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment