jerrac/gist:6382702

## gistfile1.apacheconf
<VirtualHost *:80>
	ServerAdmin admin@example.org
	ServerName elasticsearch.domain.tld
	ServerAlias kibana.domain.tld
	DocumentRoot /path/to/kibana/docroot
	<Directory />
		Options FollowSymLinks
		AllowOverride None
	</Directory>
	<Directory /path/to/kibana/docroot>
		Options -Indexes FollowSymLinks -MultiViews
		AllowOverride all
		Order allow,deny
		allow from all
	</Directory>
	ErrorLog ${APACHE_LOG_DIR}/elasticsearch.domain.tld.error.log
	# Possible values include: debug, info, notice, warn, error, crit,
	# alert, emerg.
	LogLevel warn
	CustomLog ${APACHE_LOG_DIR}/elasticsearch.domain.tld.log combined
	# To redirect all Traffic to SSL uncomment the following lines.
	RewriteEngine On
	RewriteCond %{HTTPS} off
	RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</VirtualHost>
#If you have SSL enabled for this host, uncomment the following vhost declaration
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerAdmin admin@example.org
    ServerName elasticsearch.domain.tld
    ServerAlias kibana.domain.tld
    DocumentRoot /path/to/kibana/docroot
    <Directory />
      Options FollowSymLinks
      AllowOverride None
    </Directory>
    <Directory /path/to/kibana/docroot>
        Options -MultiViews
        AllowOverride All
        Order allow,deny
        allow from all
    </Directory>

    #   SSL Info
    SSLEngine on
    SSLCertificateFile    /etc/apache2/ssl/CERT
    SSLCertificateKeyFile /etc/apache2/ssl/CERTKEY
    SSLCACertificateFile /etc/apache2/ssl/CERTCA

    <FilesMatch "\.(cgi|shtml|phtml|php)$">
            SSLOptions +StdEnvVars
    </FilesMatch>
    <Directory /usr/lib/cgi-bin>
            SSLOptions +StdEnvVars
    </Directory>
    BrowserMatch "MSIE [2-6]" \
            nokeepalive ssl-unclean-shutdown \
            downgrade-1.0 force-response-1.0
   # MSIE 7 and newer should be able to use keepalive
    BrowserMatch "MSIE [7-9]" ssl-unclean-shutdown

    ErrorLog ${APACHE_LOG_DIR}/ssl-elasticsearch.domain.tld.error.log
    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel warn
    CustomLog ${APACHE_LOG_DIR}/ssl-elasticsearch.domain.tld.log combined

  # Set global proxy timeouts
  <Proxy http://elasticsearch.domain.tld:9200>
    ProxySet connectiontimeout=5 timeout=90
  </Proxy>

  # Proxy for _aliases and .*/_search
  <LocationMatch "^(/_aliases|.*/_search|.*/_mapping)$">
    ProxyPassMatch http://elasticsearch.domain.tld:9200
    ProxyPassReverse http://elasticsearch.domain.tld:9200
  </LocationMatch>

  # Proxy for kibana-int/{dashboard,temp} stuff (if you don't want auth on /, then you will want these to be protected)
  <LocationMatch "^(/kibana-int/dashboard/|/kibana-int/temp).*$">
    ProxyPassMatch http://elasticsearch.domain.tld:9200
    ProxyPassReverse http://elasticsearch.domain.tld:9200
  </LocationMatch>

  <Location />
    AuthLDAPBindDN "BINDDN"
    AuthLDAPBindPassword "PASSWORD"
    AuthLDAPURL "LDAPURL"
    AuthType Basic
    AuthBasicProvider ldap
    AuthName "Please authenticate for kibana"
    AuthzLDAPAuthoritative on
    Require ldap-user USERID
  </Location>

</VirtualHost>
</IfModule>
	<VirtualHost *:80>
	ServerAdmin admin@example.org
	ServerName elasticsearch.domain.tld
	ServerAlias kibana.domain.tld
	DocumentRoot /path/to/kibana/docroot
	<Directory />
	Options FollowSymLinks
	AllowOverride None
	</Directory>
	<Directory /path/to/kibana/docroot>
	Options -Indexes FollowSymLinks -MultiViews
	AllowOverride all
	Order allow,deny
	allow from all
	</Directory>
	ErrorLog ${APACHE_LOG_DIR}/elasticsearch.domain.tld.error.log
	# Possible values include: debug, info, notice, warn, error, crit,
	# alert, emerg.
	LogLevel warn
	CustomLog ${APACHE_LOG_DIR}/elasticsearch.domain.tld.log combined
	# To redirect all Traffic to SSL uncomment the following lines.
	RewriteEngine On
	RewriteCond %{HTTPS} off
	RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
	</VirtualHost>
	#If you have SSL enabled for this host, uncomment the following vhost declaration
	<IfModule mod_ssl.c>
	<VirtualHost *:443>
	ServerAdmin admin@example.org
	ServerName elasticsearch.domain.tld
	ServerAlias kibana.domain.tld
	DocumentRoot /path/to/kibana/docroot
	<Directory />
	Options FollowSymLinks
	AllowOverride None
	</Directory>
	<Directory /path/to/kibana/docroot>
	Options -MultiViews
	AllowOverride All
	Order allow,deny
	allow from all
	</Directory>

	# SSL Info
	SSLEngine on
	SSLCertificateFile /etc/apache2/ssl/CERT
	SSLCertificateKeyFile /etc/apache2/ssl/CERTKEY
	SSLCACertificateFile /etc/apache2/ssl/CERTCA

	<FilesMatch "\.(cgi\|shtml\|phtml\|php)$">
	SSLOptions +StdEnvVars
	</FilesMatch>
	<Directory /usr/lib/cgi-bin>
	SSLOptions +StdEnvVars
	</Directory>
	BrowserMatch "MSIE [2-6]" \
	nokeepalive ssl-unclean-shutdown \
	downgrade-1.0 force-response-1.0
	# MSIE 7 and newer should be able to use keepalive
	BrowserMatch "MSIE [7-9]" ssl-unclean-shutdown

	ErrorLog ${APACHE_LOG_DIR}/ssl-elasticsearch.domain.tld.error.log
	# Possible values include: debug, info, notice, warn, error, crit,
	# alert, emerg.
	LogLevel warn
	CustomLog ${APACHE_LOG_DIR}/ssl-elasticsearch.domain.tld.log combined

	# Set global proxy timeouts
	<Proxy http://elasticsearch.domain.tld:9200>
	ProxySet connectiontimeout=5 timeout=90
	</Proxy>

	# Proxy for _aliases and .*/_search
	<LocationMatch "^(/_aliases\|./_search\|./_mapping)$">
	ProxyPassMatch http://elasticsearch.domain.tld:9200
	ProxyPassReverse http://elasticsearch.domain.tld:9200
	</LocationMatch>

	# Proxy for kibana-int/{dashboard,temp} stuff (if you don't want auth on /, then you will want these to be protected)
	<LocationMatch "^(/kibana-int/dashboard/\|/kibana-int/temp).*$">
	ProxyPassMatch http://elasticsearch.domain.tld:9200
	ProxyPassReverse http://elasticsearch.domain.tld:9200
	</LocationMatch>

	<Location />
	AuthLDAPBindDN "BINDDN"
	AuthLDAPBindPassword "PASSWORD"
	AuthLDAPURL "LDAPURL"
	AuthType Basic
	AuthBasicProvider ldap
	AuthName "Please authenticate for kibana"
	AuthzLDAPAuthoritative on
	Require ldap-user USERID
	</Location>

	</VirtualHost>
	</IfModule>