Created
August 29, 2013 19:58
-
-
Save jerrac/6382702 to your computer and use it in GitHub Desktop.
Apache vhost that proxies elasticsearch for Kibana. Make sure Kibana's config.js points to your vhost on port 443. Need proxy and proxy_http apache modules enabled.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<VirtualHost *:80> | |
ServerAdmin [email protected] | |
ServerName elasticsearch.domain.tld | |
ServerAlias kibana.domain.tld | |
DocumentRoot /path/to/kibana/docroot | |
<Directory /> | |
Options FollowSymLinks | |
AllowOverride None | |
</Directory> | |
<Directory /path/to/kibana/docroot> | |
Options -Indexes FollowSymLinks -MultiViews | |
AllowOverride all | |
Order allow,deny | |
allow from all | |
</Directory> | |
ErrorLog ${APACHE_LOG_DIR}/elasticsearch.domain.tld.error.log | |
# Possible values include: debug, info, notice, warn, error, crit, | |
# alert, emerg. | |
LogLevel warn | |
CustomLog ${APACHE_LOG_DIR}/elasticsearch.domain.tld.log combined | |
# To redirect all Traffic to SSL uncomment the following lines. | |
RewriteEngine On | |
RewriteCond %{HTTPS} off | |
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} | |
</VirtualHost> | |
#If you have SSL enabled for this host, uncomment the following vhost declaration | |
<IfModule mod_ssl.c> | |
<VirtualHost *:443> | |
ServerAdmin [email protected] | |
ServerName elasticsearch.domain.tld | |
ServerAlias kibana.domain.tld | |
DocumentRoot /path/to/kibana/docroot | |
<Directory /> | |
Options FollowSymLinks | |
AllowOverride None | |
</Directory> | |
<Directory /path/to/kibana/docroot> | |
Options -MultiViews | |
AllowOverride All | |
Order allow,deny | |
allow from all | |
</Directory> | |
# SSL Info | |
SSLEngine on | |
SSLCertificateFile /etc/apache2/ssl/CERT | |
SSLCertificateKeyFile /etc/apache2/ssl/CERTKEY | |
SSLCACertificateFile /etc/apache2/ssl/CERTCA | |
<FilesMatch "\.(cgi|shtml|phtml|php)$"> | |
SSLOptions +StdEnvVars | |
</FilesMatch> | |
<Directory /usr/lib/cgi-bin> | |
SSLOptions +StdEnvVars | |
</Directory> | |
BrowserMatch "MSIE [2-6]" \ | |
nokeepalive ssl-unclean-shutdown \ | |
downgrade-1.0 force-response-1.0 | |
# MSIE 7 and newer should be able to use keepalive | |
BrowserMatch "MSIE [7-9]" ssl-unclean-shutdown | |
ErrorLog ${APACHE_LOG_DIR}/ssl-elasticsearch.domain.tld.error.log | |
# Possible values include: debug, info, notice, warn, error, crit, | |
# alert, emerg. | |
LogLevel warn | |
CustomLog ${APACHE_LOG_DIR}/ssl-elasticsearch.domain.tld.log combined | |
# Set global proxy timeouts | |
<Proxy http://elasticsearch.domain.tld:9200> | |
ProxySet connectiontimeout=5 timeout=90 | |
</Proxy> | |
# Proxy for _aliases and .*/_search | |
<LocationMatch "^(/_aliases|.*/_search|.*/_mapping)$"> | |
ProxyPassMatch http://elasticsearch.domain.tld:9200 | |
ProxyPassReverse http://elasticsearch.domain.tld:9200 | |
</LocationMatch> | |
# Proxy for kibana-int/{dashboard,temp} stuff (if you don't want auth on /, then you will want these to be protected) | |
<LocationMatch "^(/kibana-int/dashboard/|/kibana-int/temp).*$"> | |
ProxyPassMatch http://elasticsearch.domain.tld:9200 | |
ProxyPassReverse http://elasticsearch.domain.tld:9200 | |
</LocationMatch> | |
<Location /> | |
AuthLDAPBindDN "BINDDN" | |
AuthLDAPBindPassword "PASSWORD" | |
AuthLDAPURL "LDAPURL" | |
AuthType Basic | |
AuthBasicProvider ldap | |
AuthName "Please authenticate for kibana" | |
AuthzLDAPAuthoritative on | |
Require ldap-user USERID | |
</Location> | |
</VirtualHost> | |
</IfModule> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment