Skip to content

Instantly share code, notes, and snippets.

@simonmorley

simonmorley/gist:7224897

Last active June 4, 2017 16:44
Show Gist options
  • Save simonmorley/7224897 to your computer and use it in GitHub Desktop.
Save simonmorley/7224897 to your computer and use it in GitHub Desktop.
Download ZIP
Nginx configuration for a secure kibana, elasticsearch setup. Version 1, no way finished.
Raw
gistfile1.txt
server {
listen 8443 default ssl;
server_name www.yourdomain.com;
ssl on;
ssl_certificate /etc/nginx/conf.d/cert.pem;
ssl_certificate_key /etc/nginx/conf.d/cert.key;
client_max_body_size 50M;
error_log /var/log/nginx/elasticsearch-errors.log;
access_log /var/log/nginx/elasticsearch.log;
location / {
root /opt/kibana/current;
index index.html index.htm;
auth_basic "ElasticSearch";
auth_basic_user_file /etc/es/passwords;
}
location /es/ {
rewrite ^/es/_aliases$ /_aliases break;
rewrite ^/es/_nodes$ /_nodes break;
rewrite ^/es/(.*/_mapping)$ /$1 break;
return 403;
limit_except GET{
deny all;
}
auth_basic "ElasticSearch";
auth_basic_user_file /etc/es/passwords;
proxy_pass http://localhost:9200;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
# For CORS Ajax
proxy_pass_header Access-Control-Allow-Origin;
proxy_pass_header Access-Control-Allow-Methods;
proxy_hide_header Access-Control-Allow-Headers;
add_header Access-Control-Allow-Headers 'X-Requested-With, Content-Type';
add_header Access-Control-Allow-Credentials true;
}
location ~ ^/es/(.*/_search)$ {
rewrite ^/es/(.*/_search)$ /$1 break;
limit_except POST {
deny all;
}
proxy_pass http://localhost:9200;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
# For CORS Ajax
proxy_pass_header Access-Control-Allow-Origin;
proxy_pass_header Access-Control-Allow-Methods;
proxy_hide_header Access-Control-Allow-Headers;
add_header Access-Control-Allow-Headers 'X-Requested-With, Content-Type';
add_header Access-Control-Allow-Credentials true;
auth_basic "ElasticSearch";
auth_basic_user_file /etc/es/passwords;
}
location /es/kibana-int/ {
rewrite ^/es/(kibana-int/.*)$ /$1 break;
proxy_pass http://localhost:9200;
auth_basic "ElasticSearch";
auth_basic_user_file /etc/es/passwords;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
# For CORS Ajax
proxy_pass_header Access-Control-Allow-Origin;
proxy_pass_header Access-Control-Allow-Methods;
proxy_hide_header Access-Control-Allow-Headers;
add_header Access-Control-Allow-Headers 'X-Requested-With, Content-Type';
add_header Access-Control-Allow-Credentials true;
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment