@chelming
Last active August 29, 2015 14:02
# Main-context settings: worker identity, process count, global error log
# and pid file.
user             nginx;   # worker processes run as the "nginx" account
worker_processes 10;
error_log        /var/log/nginx/error.log warn;
pid              /var/run/nginx.pid;

# Connection handling: upper bound on simultaneous connections per worker.
events {
    worker_connections 1024;
}
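http {
    # Result cache for the third-party nginx-auth-ldap module.
    # NOTE(review): a cached result presumably keeps authorising a user until
    # the entry expires, so a disabled or re-passworded LDAP account may stay
    # usable for up to the expiration time (unit presumably milliseconds) --
    # confirm against the module documentation.
    auth_ldap_cache_enabled         on;
    auth_ldap_cache_expiration_time 10000;
    auth_ldap_cache_size            1000;

    include      /etc/nginx/mime.types;
    default_type application/octet-stream;

    # "main" access-log format; $remote_user records the authenticated user
    # name, which gives an audit trail of who issued each request.
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;

    sendfile on;
    #tcp_nopush on;
    keepalive_timeout 65;

    # Response compression for text-like content types.
    gzip            on;
    gzip_disable    "msie6";
    gzip_min_length 1100;
    gzip_vary       on;
    gzip_proxied    any;
    gzip_buffers    16 8k;
    gzip_types      text/plain text/css application/json application/x-javascript
                    text/xml application/xml application/rss+xml text/javascript
                    image/svg+xml application/x-font-ttf font/opentype
                    application/vnd.ms-fontobject;

    include /etc/nginx/conf.d/*.conf;

    #
    # Nginx proxy for Elasticsearch + Kibana
    #
    # In this setup, we are password protecting the saving of dashboards. You may
    # wish to extend the password protection to all paths.
    #
    # Even though these paths are being called as the result of an ajax request, the
    # browser will prompt for a username/password on the first request
    #
    # If you use this, you'll want to point config.js at http://FQDN:80/ instead of
    # http://FQDN:9200
    #

    # LDAP directory referenced by "auth_ldap_servers main" below. The URL uses
    # ldaps://, searches the uid attribute under ou=people with subtree scope,
    # and "require valid_user" accepts any account that authenticates.
    # NOTE(review): no binddn is configured here, so the user lookup presumably
    # runs as an anonymous bind -- confirm the directory allows that. Also check
    # whether the installed module version verifies the LDAP server certificate
    # (newer builds offer ssl_check_cert); without verification ldaps:// does
    # not protect against an impersonated directory server.
    ldap_server main {
        url ldaps://ldap.domain.tld/ou=people,dc=domain,dc=tld?uid?sub;
        require valid_user;
    }

    # Elasticsearch HTTP endpoint that the proxied locations forward to.
    upstream backend {
        server <FQDN>:9200;
    }

    server {
        # NOTE(review): this listener is plain HTTP. auth_ldap and auth_basic
        # both rely on HTTP Basic credentials, so LDAP passwords cross the
        # network unencrypted. Terminate TLS here (or directly in front of this
        # server) before exposing it outside a trusted network.
        listen      *:80;
        server_name <FQDN>;

        access_log /var/log/nginx/kibana.access.log;

        # Lowered from "debug" to match the main-context level. In a
        # debug-enabled nginx build the debug level writes request headers,
        # Authorization included, into error.log, which would persist users'
        # Basic credentials on disk. Raise it only temporarily when
        # troubleshooting.
        error_log /var/log/nginx/error.log warn;

        # LDAP authentication for every location in this server block.
        auth_ldap         "Forbidden";
        auth_ldap_servers main;

        # Static Kibana 3 application files.
        location / {
            root  /usr/local/kibana-3.1.0;
            index index.html index.htm;
        }

        # Forward /elasticsearch/<path> to the backend as /<path>; the trailing
        # slash on proxy_pass replaces the matched prefix.
        # NOTE(review): every HTTP method is forwarded, so any LDAP-authenticated
        # user gets the full Elasticsearch API through this prefix, writes and
        # deletes included. Because of "^~" the regex locations further down are
        # not consulted for these paths, so their htpasswd restriction on
        # kibana-int writes does not apply to requests arriving here. If
        # read-mostly access is intended, restrict methods or paths in this
        # location as well.
        location ^~ /elasticsearch/ {
            proxy_pass http://backend/;
        }

        # proxy_pass is the content handler here, so the "root" directive that
        # used to sit in this location was never consulted and has been dropped.
        # NOTE(review): the prefix is replaced the same way as above, so
        # /plugins/<path> reaches the backend as /<path> -- effectively a second
        # alias for the whole API rather than a plugin-only path. Confirm the
        # intended upstream URI.
        location ^~ /plugins/ {
            proxy_pass http://backend/;
        }

        # location ^~ /elasticsearch/ {
        # proxy_pass http://127.0.0.1:9200;
        # proxy_read_timeout 90;
        # }
        # location ~ ^/_aliases$ {
        # proxy_pass http://127.0.0.1:9200;
        # proxy_read_timeout 90;
        # }
        # location ~ ^/.*/_aliases$ {
        # proxy_pass http://127.0.0.1:9200;
        # proxy_read_timeout 90;
        # }
        # location ~ ^/.*/_nodes$ {
        # proxy_pass http://127.0.0.1:9200;
        # proxy_read_timeout 90;
        # }
        # location ~ ^/.*/_search$ {
        # proxy_pass http://127.0.0.1:9200;
        # proxy_read_timeout 90;
        # }
        # location ~ ^/.*/_mapping$ {
        # proxy_pass http://127.0.0.1:9200;
        # proxy_read_timeout 90;
        # }

        # Password protected end points
        #
        # GET (and therefore HEAD) requests pass with only the server-level
        # auth_ldap; every other method additionally needs an htpasswd entry.
        # proxy_pass is repeated inside limit_except because the content handler
        # is not inherited by that nested block.
        # NOTE(review): auth_ldap and auth_basic both read the same Basic
        # Authorization header, so a write presumably succeeds only when the
        # same user name and password are valid in LDAP and in the htpasswd
        # file -- verify this is the intended behaviour.
        # NOTE(review): these locations proxy to 127.0.0.1:9200 while the ones
        # above use the "backend" upstream, and the two blocks name different
        # htpasswd files; confirm both are deliberate. Keep the htpasswd files
        # readable only by the account nginx runs as.
        location ~ ^/kibana-int/dashboard/.*$ {
            proxy_pass         http://127.0.0.1:9200;
            proxy_read_timeout 90;
            limit_except GET {
                proxy_pass           http://127.0.0.1:9200;
                auth_basic           "Restricted";
                auth_basic_user_file /etc/nginx/conf.d/kibana.htpasswd;
            }
        }

        location ~ ^/kibana-int/temp.*$ {
            proxy_pass         http://127.0.0.1:9200;
            proxy_read_timeout 90;
            limit_except GET {
                proxy_pass           http://127.0.0.1:9200;
                auth_basic           "Restricted";
                auth_basic_user_file /etc/nginx/conf.d/kibana.myhost.org.htpasswd;
            }
        }
    }
}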