garthk · March 25, 2013 04:34
diff --git a/kibana-front-end.conf b/kibana-front-end.conf
 server.modules += ( "mod_auth" )
 server.modules += ( "mod_proxy" )
 accesslog.filename = "/var/log/lighttpd/logs-access.log"

 # server.bind = "0.0.0.0"

 $SERVER["socket"] == ":80" {
    $HTTP["remoteip"] =~ "^10\.10\.10\." {
        # hosts in the 10.10.10.10 range can access :80/api/ subroot
        $HTTP["url"] !~ "^/api/" {
            # not API? redirect as for everyone else
            $HTTP["host"] =~ "(.*)" {
                url.redirect = ( "^(.*)" => "https://%1$1" )
            }
        }
        proxy.server = ( "" => ( ( "host" => "127.0.0.1", "port" => "5601" ) ) )
    } else $HTTP["host"] =~ "(.*)" {
        # everyone else gets redirected to HTTPS and LDAP
        url.redirect = ( "^(.*)" => "https://%1$1" )
    }
 }

 $SERVER["socket"] == ":443" {
    protocol = "https://"
    ssl.engine  = "enable"
    ssl.pemfile = "/etc/logstash-central/server.pem"
    ssl.use-sslv2 = "disable"

 #    debug.log-request-header = "enable"
 #    debug.log-response-header = "enable"
 #    debug.log-request-handling = "enable"
 #    debug.log-file-not-found = "enable"

    auth.backend = "ldap"
    auth.backend.ldap.hostname = "LDAP-HOST:389"
    auth.backend.ldap.base-dn = "ou=employees,o=example.com"
    auth.backend.ldap.bind-dn = "uid=kibana,ou=apps,o=example.com"
    auth.backend.ldap.bind-pw = "BIND-PASSWORD"
    auth.backend.ldap.filter   = "(uid=$)"

    auth.require = (
        "/" => (
            "method" => "basic",
            "realm" => "example.com",
            "require" => "valid-user"
        )
        )
    )

    proxy.server = ( "" => ( ( "host" => "127.0.0.1", "port" => "5601" ) ) )
 }
	server.modules += ( "mod_auth" )
	server.modules += ( "mod_proxy" )
	accesslog.filename = "/var/log/lighttpd/logs-access.log"

	# server.bind = "0.0.0.0"

	$SERVER["socket"] == ":80" {
	$HTTP["remoteip"] =~ "^10\.10\.10\." {
	# hosts in the 10.10.10.10 range can access :80/api/ subroot
	$HTTP["url"] !~ "^/api/" {
	# not API? redirect as for everyone else
	$HTTP["host"] =~ "(.*)" {
	url.redirect = ( "^(.*)" => "https://%1$1" )
	}
	}
	proxy.server = ( "" => ( ( "host" => "127.0.0.1", "port" => "5601" ) ) )
	} else $HTTP["host"] =~ "(.*)" {
	# everyone else gets redirected to HTTPS and LDAP
	url.redirect = ( "^(.*)" => "https://%1$1" )
	}
	}

	$SERVER["socket"] == ":443" {
	protocol = "https://"
	ssl.engine = "enable"
	ssl.pemfile = "/etc/logstash-central/server.pem"
	ssl.use-sslv2 = "disable"

	# debug.log-request-header = "enable"
	# debug.log-response-header = "enable"
	# debug.log-request-handling = "enable"
	# debug.log-file-not-found = "enable"

	auth.backend = "ldap"
	auth.backend.ldap.hostname = "LDAP-HOST:389"
	auth.backend.ldap.base-dn = "ou=employees,o=example.com"
	auth.backend.ldap.bind-dn = "uid=kibana,ou=apps,o=example.com"
	auth.backend.ldap.bind-pw = "BIND-PASSWORD"
	auth.backend.ldap.filter = "(uid=$)"

	auth.require = (
	"/" => (
	"method" => "basic",
	"realm" => "example.com",
	"require" => "valid-user"
	)
	)
	)

	proxy.server = ( "" => ( ( "host" => "127.0.0.1", "port" => "5601" ) ) )
	}