churnd/gist:7138696

## gistfile1.apacheconf
#
# Nginx proxy for Elasticsearch + Kibana
#
# In this setup, we are password protecting the saving of dashboards. You may
# wish to extend the password protection to all paths.
#
# Even though these paths are being called as the result of an ajax request, the
# browser will prompt for a username/password on the first request
#
# If you use this, you'll want to point config.js at http://FQDN:80/ instead of
# http://FQDN:9200
#
server {
  listen                *:443 ;

  server_name           kibana.example.com;
  ssl         on;
  ssl_certificate     /etc/nginx/ssl/server.crt;
  ssl_certificate_key /etc/nginx/ssl/server.key;

  ssl_session_timeout  5m;

  ssl_protocols  SSLv2 SSLv3 TLSv1;
  ssl_ciphers  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
  ssl_prefer_server_ciphers   on;

  location / {
    root  /usr/share/nginx/html;
    index  index.html  index.htm;
  }

  location ~ ^/_aliases$ {
    proxy_pass http://127.0.0.1:9200;
    proxy_read_timeout 90;
  }
  location ~ ^/_nodes$ {
    proxy_pass http://127.0.0.1:9200;
    proxy_read_timeout 90;
  }
  location ~ ^/.*/_search$ {
    proxy_pass http://127.0.0.1:9200;
    proxy_read_timeout 90;
  }
  location ~ ^/.*/_mapping$ {
    proxy_pass http://127.0.0.1:9200;
    proxy_read_timeout 90;
  }

  # Password protected end points
  location ~ ^/kibana-int/dashboard/.*$ {
    proxy_pass http://127.0.0.1:9200;
    proxy_read_timeout 90;
    limit_except GET {
      proxy_pass http://127.0.0.1:9200;
      auth_basic "Here there be Dragons";
      auth_basic_user_file /usr/share/nginx/html/.htpasswd;
    }
  }
  location ~ ^/kibana-int/temp.*$ {
    proxy_pass http://127.0.0.1:9200;
    proxy_read_timeout 90;
    limit_except GET {
      proxy_pass http://127.0.0.1:9200;
      auth_basic "Here there be Dragons";
      auth_basic_user_file /usr/share/nginx/html/.htpasswd;
    }
  }
}
	#
	# Nginx proxy for Elasticsearch + Kibana
	#
	# In this setup, we are password protecting the saving of dashboards. You may
	# wish to extend the password protection to all paths.
	#
	# Even though these paths are being called as the result of an ajax request, the
	# browser will prompt for a username/password on the first request
	#
	# If you use this, you'll want to point config.js at http://FQDN:80/ instead of
	# http://FQDN:9200
	#
	server {
	listen *:443 ;

	server_name kibana.example.com;
	ssl on;
	ssl_certificate /etc/nginx/ssl/server.crt;
	ssl_certificate_key /etc/nginx/ssl/server.key;

	ssl_session_timeout 5m;

	ssl_protocols SSLv2 SSLv3 TLSv1;
	ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
	ssl_prefer_server_ciphers on;

	location / {
	root /usr/share/nginx/html;
	index index.html index.htm;
	}

	location ~ ^/_aliases$ {
	proxy_pass http://127.0.0.1:9200;
	proxy_read_timeout 90;
	}
	location ~ ^/_nodes$ {
	proxy_pass http://127.0.0.1:9200;
	proxy_read_timeout 90;
	}
	location ~ ^/.*/_search$ {
	proxy_pass http://127.0.0.1:9200;
	proxy_read_timeout 90;
	}
	location ~ ^/.*/_mapping$ {
	proxy_pass http://127.0.0.1:9200;
	proxy_read_timeout 90;
	}

	# Password protected end points
	location ~ ^/kibana-int/dashboard/.*$ {
	proxy_pass http://127.0.0.1:9200;
	proxy_read_timeout 90;
	limit_except GET {
	proxy_pass http://127.0.0.1:9200;
	auth_basic "Here there be Dragons";
	auth_basic_user_file /usr/share/nginx/html/.htpasswd;
	}
	}
	location ~ ^/kibana-int/temp.*$ {
	proxy_pass http://127.0.0.1:9200;
	proxy_read_timeout 90;
	limit_except GET {
	proxy_pass http://127.0.0.1:9200;
	auth_basic "Here there be Dragons";
	auth_basic_user_file /usr/share/nginx/html/.htpasswd;
	}
	}
	}