Skip to content

Instantly share code, notes, and snippets.

@jerrac
Created August 29, 2013 17:23
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save jerrac/0a8bd96e6c42eb84b6f2 to your computer and use it in GitHub Desktop.
Save jerrac/0a8bd96e6c42eb84b6f2 to your computer and use it in GitHub Desktop.
Elasticsearch and Kibana vhost that doesn't let me view logs from a computer without access to the elasticsearch server's port 9200
<VirtualHost *:80>
ServerAdmin admin@email.tld
ServerName elasticsearch.domain.tld
ServerAlias kibana.domain.tld
DocumentRoot /var/www/log-elasticsearch/docroot
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/log-elasticsearch/docroot>
Options -Indexes FollowSymLinks -MultiViews
AllowOverride all
Order allow,deny
allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/elasticsearch.domain.tld.error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/elasticsearch.domain.tld.log combined
# To redirect all Traffic to SSL uncomment the following lines.
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</VirtualHost>
#If you have SSL enabled for this host, uncomment the following vhost declaration
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerAdmin admin@email.tld
ServerName elasticsearch.domain.tld
ServerAlias kibana.domain.tld
DocumentRoot /var/www/log-elasticsearch/docroot
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/log-elasticsearch/docroot>
Options -Indexes FollowSymLinks -MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
# SSL Info
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/CERT
SSLCertificateKeyFile /etc/apache2/ssl/KEY
SSLCACertificateFile /etc/apache2/ssl/CA
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# MSIE 7 and newer should be able to use keepalive
BrowserMatch "MSIE [7-9]" ssl-unclean-shutdown
ErrorLog ${APACHE_LOG_DIR}/ssl-elasticsearch.domain.tld.error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/ssl-elasticsearch.domain.tld.log combined
ProxyRequests Off
SSLProxyEngine On
# Set global proxy timeouts
<Proxy http://elasticsearch.domain.tld:9200>
# <Proxy http://127.0.0.1:9200>
ProxySet connectiontimeout=5 timeout=90
</Proxy>
# Proxy for _aliases and .*/_search
<LocationMatch "^(/_aliases|.*/_search)$">
ProxyPassMatch http://127.0.0.1:9200
ProxyPassReverse http://127.0.0.1:9200
</LocationMatch>
# Proxy for kibana-int/{dashboard,temp} stuff (if you don't want auth on /, then you will want these to be protected)
<LocationMatch "^(/kibana-int/dashboard/|/kibana-int/temp).*$">
ProxyPassMatch http://127.0.0.1:9200
ProxyPassReverse http://127.0.0.1:9200
</LocationMatch>
<Location />
#Allow from 5.6.7.8
#Deny from all
#Satisfy any
AuthLDAPBindDN "BINDUSER"
AuthLDAPBindPassword "PASSWORD"
AuthLDAPURL LDAPURL
AuthType Basic
AuthBasicProvider ldap
AuthName "Please authenticate for kibana"
AuthzLDAPAuthoritative on
Require ldap-user userid
Require ldap-user userid
Require ldap-user userid
Require ldap-user userid
Require ldap-user userid
Require ldap-user userid
Require ldap-user userid
Require ldap-user userid
Require ldap-user userid
Require ldap-user userid
</Location>
</VirtualHost>
</IfModule>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment