-
-
Save eredding-rmn/f5e745aaf1ecd274e295 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <VirtualHost *:80> | |
| ServerAdmin admin@example.org | |
| ServerName elasticsearch.domain.tld | |
| ServerAlias kibana.domain.tld | |
| DocumentRoot /path/to/kibana/docroot | |
| <Directory /> | |
| Options FollowSymLinks | |
| AllowOverride None | |
| </Directory> | |
| <Directory /path/to/kibana/docroot> | |
| Options -Indexes FollowSymLinks -MultiViews | |
| AllowOverride all | |
| Order allow,deny | |
| allow from all | |
| </Directory> | |
| ErrorLog ${APACHE_LOG_DIR}/elasticsearch.domain.tld.error.log | |
| # Possible values include: debug, info, notice, warn, error, crit, | |
| # alert, emerg. | |
| LogLevel warn | |
| CustomLog ${APACHE_LOG_DIR}/elasticsearch.domain.tld.log combined | |
| # To redirect all Traffic to SSL uncomment the following lines. | |
| RewriteEngine On | |
| RewriteCond %{HTTPS} off | |
| RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} | |
| </VirtualHost> | |
| #If you have SSL enabled for this host, uncomment the following vhost declaration | |
| <IfModule mod_ssl.c> | |
| <VirtualHost *:443> | |
| ServerAdmin admin@example.org | |
| ServerName elasticsearch.domain.tld | |
| ServerAlias kibana.domain.tld | |
| DocumentRoot /path/to/kibana/docroot | |
| <Directory /> | |
| Options FollowSymLinks | |
| AllowOverride None | |
| </Directory> | |
| <Directory /path/to/kibana/docroot> | |
| Options -MultiViews | |
| AllowOverride All | |
| Order allow,deny | |
| allow from all | |
| </Directory> | |
| # SSL Info | |
| SSLEngine on | |
| SSLCertificateFile /etc/apache2/ssl/CERT | |
| SSLCertificateKeyFile /etc/apache2/ssl/CERTKEY | |
| SSLCACertificateFile /etc/apache2/ssl/CERTCA | |
| <FilesMatch "\.(cgi|shtml|phtml|php)$"> | |
| SSLOptions +StdEnvVars | |
| </FilesMatch> | |
| <Directory /usr/lib/cgi-bin> | |
| SSLOptions +StdEnvVars | |
| </Directory> | |
| BrowserMatch "MSIE [2-6]" \ | |
| nokeepalive ssl-unclean-shutdown \ | |
| downgrade-1.0 force-response-1.0 | |
| # MSIE 7 and newer should be able to use keepalive | |
| BrowserMatch "MSIE [7-9]" ssl-unclean-shutdown | |
| ErrorLog ${APACHE_LOG_DIR}/ssl-elasticsearch.domain.tld.error.log | |
| # Possible values include: debug, info, notice, warn, error, crit, | |
| # alert, emerg. | |
| LogLevel warn | |
| CustomLog ${APACHE_LOG_DIR}/ssl-elasticsearch.domain.tld.log combined | |
| # Set global proxy timeouts | |
| <Proxy http://elasticsearch.domain.tld:9200> | |
| ProxySet connectiontimeout=5 timeout=90 | |
| </Proxy> | |
| # Proxy for _aliases and .*/_search | |
| <LocationMatch "^(/_aliases|.*/_search|.*/_mapping)$"> | |
| ProxyPassMatch http://elasticsearch.domain.tld:9200 | |
| ProxyPassReverse http://elasticsearch.domain.tld:9200 | |
| </LocationMatch> | |
| # Proxy for kibana-int/{dashboard,temp} stuff (if you don't want auth on /, then you will want these to be protected) | |
| <LocationMatch "^(/kibana-int/dashboard/|/kibana-int/temp).*$"> | |
| ProxyPassMatch http://elasticsearch.domain.tld:9200 | |
| ProxyPassReverse http://elasticsearch.domain.tld:9200 | |
| </LocationMatch> | |
| <Location /> | |
| AuthLDAPBindDN "BINDDN" | |
| AuthLDAPBindPassword "PASSWORD" | |
| AuthLDAPURL "LDAPURL" | |
| AuthType Basic | |
| AuthBasicProvider ldap | |
| AuthName "Please authenticate for kibana" | |
| AuthzLDAPAuthoritative on | |
| Require ldap-user USERID | |
| </Location> | |
| </VirtualHost> | |
| </IfModule> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment