cinek810 · December 5, 2017 19:41
diff --git a/icingaweb2 nginx.conf b/icingaweb2 nginx.conf
 server {
  listen *:443 ssl;
  server_name icinga;

  root /usr/share/icingaweb2/public; #Path of icinga2 web directory
  index index.php;
  access_log /var/log/nginx/access.log;
  error_log /var/log/nginx/error.log;

  ssl_certificate icinga.pem;
  ssl_certificate_key icinga.key;
  ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
  ssl_prefer_server_ciphers on;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_session_timeout 5m;

  auth_basic "HTTP auth required";
  auth_basic_user_file /etc/icingaweb2/.http-users;


  location = /favicon.ico {
    log_not_found off;
    access_log off;
    expires max;
  }

  location ~ /\. {
    deny all;
    access_log off;
    log_not_found off;
  }

  location ~ \..*/.*\.php$ {
    return 403;
  }

  if (!-d $request_filename) {
    rewrite ^/(.+)/$ /$1 permanent;
  }
 location / {
        add_header 'Access-Control-Allow-Origin' 'https://grafana' always;
        add_header 'Access-Control-Allow-Methods' 'GET' always;
        add_header 'Access-Control-Allow-Headers' "Authorization" always;

  if ( $request_method = OPTIONS )
          {

                add_header 'Access-Control-Allow-Origin' 'https://grafana' always;
                add_header 'Access-Control-Allow-Methods' 'GET' always;
                add_header 'Access-Control-Allow-Headers' "Authorization" always;
                add_header 'Access-Control-Allow-Headers' "Authentication" always;
                                add_header 'Content-Length' 0 always;

                        return 200;
          }


    try_files $1 $uri $uri/ /index.php$is_args$args;

  }

  location ~ ^/index\.php(.*)$ {

        add_header 'Access-Control-Allow-Origin' 'https://grafana' always;
        add_header 'Access-Control-Allow-Methods' 'GET' always;
        add_header 'Access-Control-Allow-Headers' "Authorization" always;


    fastcgi_index index.php;
    include /etc/nginx/fastcgi_params;
    try_files $uri =404;
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_read_timeout 300;

    fastcgi_pass unix:/var/run/php5-fpm.sock; #Replace with the port if php fpm is configured to run on port.
    fastcgi_param SCRIPT_FILENAME /usr/share/icingaweb2/public/index.php; #Replace with icinga2 web index.php file path.
    fastcgi_param ICINGAWEB_CONFIGDIR /etc/icingaweb2;
    fastcgi_param REMOTE_USER $remote_user;
  }
 }
	server {
	listen *:443 ssl;
	server_name icinga;

	root /usr/share/icingaweb2/public; #Path of icinga2 web directory
	index index.php;
	access_log /var/log/nginx/access.log;
	error_log /var/log/nginx/error.log;

	ssl_certificate icinga.pem;
	ssl_certificate_key icinga.key;
	ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
	ssl_prefer_server_ciphers on;
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	ssl_session_timeout 5m;

	auth_basic "HTTP auth required";
	auth_basic_user_file /etc/icingaweb2/.http-users;


	location = /favicon.ico {
	log_not_found off;
	access_log off;
	expires max;
	}

	location ~ /\. {
	deny all;
	access_log off;
	log_not_found off;
	}

	location ~ \../.\.php$ {
	return 403;
	}

	if (!-d $request_filename) {
	rewrite ^/(.+)/$ /$1 permanent;
	}
	location / {
	add_header 'Access-Control-Allow-Origin' 'https://grafana' always;
	add_header 'Access-Control-Allow-Methods' 'GET' always;
	add_header 'Access-Control-Allow-Headers' "Authorization" always;

	if ( $request_method = OPTIONS )
	{

	add_header 'Access-Control-Allow-Origin' 'https://grafana' always;
	add_header 'Access-Control-Allow-Methods' 'GET' always;
	add_header 'Access-Control-Allow-Headers' "Authorization" always;
	add_header 'Access-Control-Allow-Headers' "Authentication" always;
	add_header 'Content-Length' 0 always;

	return 200;
	}


	try_files $1 $uri $uri/ /index.php$is_args$args;

	}

	location ~ ^/index\.php(.*)$ {

	add_header 'Access-Control-Allow-Origin' 'https://grafana' always;
	add_header 'Access-Control-Allow-Methods' 'GET' always;
	add_header 'Access-Control-Allow-Headers' "Authorization" always;


	fastcgi_index index.php;
	include /etc/nginx/fastcgi_params;
	try_files $uri =404;
	fastcgi_split_path_info ^(.+\.php)(/.+)$;
	fastcgi_read_timeout 300;

	fastcgi_pass unix:/var/run/php5-fpm.sock; #Replace with the port if php fpm is configured to run on port.
	fastcgi_param SCRIPT_FILENAME /usr/share/icingaweb2/public/index.php; #Replace with icinga2 web index.php file path.
	fastcgi_param ICINGAWEB_CONFIGDIR /etc/icingaweb2;
	fastcgi_param REMOTE_USER $remote_user;
	}
	}