Skip to content

Instantly share code, notes, and snippets.

@jerrac
Created August 29, 2013 19:58
Show Gist options
  • Save jerrac/6382702 to your computer and use it in GitHub Desktop.
Save jerrac/6382702 to your computer and use it in GitHub Desktop.
Apache vhost that proxies elasticsearch for Kibana. Make sure Kibana's config.js points to your vhost on port 443. Need proxy and proxy_http apache modules enabled.
<VirtualHost *:80>
ServerAdmin [email protected]
ServerName elasticsearch.domain.tld
ServerAlias kibana.domain.tld
DocumentRoot /path/to/kibana/docroot
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /path/to/kibana/docroot>
Options -Indexes FollowSymLinks -MultiViews
AllowOverride all
Order allow,deny
allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/elasticsearch.domain.tld.error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/elasticsearch.domain.tld.log combined
# To redirect all Traffic to SSL uncomment the following lines.
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</VirtualHost>
#If you have SSL enabled for this host, uncomment the following vhost declaration
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin [email protected]
ServerName elasticsearch.domain.tld
ServerAlias kibana.domain.tld
DocumentRoot /path/to/kibana/docroot
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /path/to/kibana/docroot>
Options -MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
# SSL Info
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/CERT
SSLCertificateKeyFile /etc/apache2/ssl/CERTKEY
SSLCACertificateFile /etc/apache2/ssl/CERTCA
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# MSIE 7 and newer should be able to use keepalive
BrowserMatch "MSIE [7-9]" ssl-unclean-shutdown
ErrorLog ${APACHE_LOG_DIR}/ssl-elasticsearch.domain.tld.error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/ssl-elasticsearch.domain.tld.log combined
# Set global proxy timeouts
<Proxy http://elasticsearch.domain.tld:9200>
ProxySet connectiontimeout=5 timeout=90
</Proxy>
# Proxy for _aliases and .*/_search
<LocationMatch "^(/_aliases|.*/_search|.*/_mapping)$">
ProxyPassMatch http://elasticsearch.domain.tld:9200
ProxyPassReverse http://elasticsearch.domain.tld:9200
</LocationMatch>
# Proxy for kibana-int/{dashboard,temp} stuff (if you don't want auth on /, then you will want these to be protected)
<LocationMatch "^(/kibana-int/dashboard/|/kibana-int/temp).*$">
ProxyPassMatch http://elasticsearch.domain.tld:9200
ProxyPassReverse http://elasticsearch.domain.tld:9200
</LocationMatch>
<Location />
AuthLDAPBindDN "BINDDN"
AuthLDAPBindPassword "PASSWORD"
AuthLDAPURL "LDAPURL"
AuthType Basic
AuthBasicProvider ldap
AuthName "Please authenticate for kibana"
AuthzLDAPAuthoritative on
Require ldap-user USERID
</Location>
</VirtualHost>
</IfModule>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment