@jhazelwo-charter
Created October 3, 2017 14:54
NGINX FreeIPA authentication
# Reverse proxy that puts FreeIPA (LDAP) authentication in front of the service
# listening on localhost:5601. The ldap_server and auth_ldap* directives are not
# part of stock nginx; they come from the third-party nginx-auth-ldap module,
# which has to be built in or loaded for this file to parse.

worker_processes 4;
pid /app/run/nginx.pid;
error_log /app/log/error.log;

events {
    worker_connections 768;
}

http {
    # ---- General HTTP settings -------------------------------------------
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    types_hash_max_size 2048;

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;

    gzip on;
    gzip_disable "msie6";

    # The http-level error_log takes precedence over the main-level one above
    # for request processing. The access log records the authenticated user
    # name ($remote_user) in the default format, so treat it as identity data.
    access_log /var/log/access.log;
    error_log /var/log/error.log;

    # Scratch directories for buffered request and response bodies.
    client_body_temp_path /var/run/client_body_temp_path;
    fastcgi_temp_path /var/run/fastcgi_temp_path;
    proxy_temp_path /var/run/proxy_temp_path;
    scgi_temp_path /var/run/scgi_temp_path;
    uwsgi_temp_path /var/run/uwsgi_temp_path;

    # ---- LDAP directory used for authentication ----------------------------
    # Declared before the server blocks because auth_ldap_servers refers to it
    # by name.
    ldap_server freeipa01 {
        # LDAP URL: search base, attribute matched against the login name (uid),
        # scope (sub), and a filter limiting matches to person entries.
        # NOTE(review): the scheme is ldaps, but no ssl_check_cert / ssl_ca_file
        # is set in this block. In nginx-auth-ldap the server certificate is
        # not verified unless ssl_check_cert is on, so the bind password and
        # user credentials are encrypted but the peer is not authenticated.
        # Confirm against the module version in use.
        url "ldaps://freeipa01.example.com/cn=users,cn=accounts,dc=example,dc=com?uid?sub?(objectClass=person)";

        # Service account used for the search. Its password is stored in
        # plaintext in this file: keep the file readable only by the account
        # that starts nginx, keep the real value out of version control, and
        # give this account read-only access to the directory.
        binddn "uid=ldapauth4kibana,cn=users,cn=accounts,dc=example,dc=com";
        binddn_passwd "put-password-for-binddn-user-here";

        # Group membership is read from memberof, whose values are full DNs.
        group_attribute memberof;
        group_attribute_is_dn on;

        # Authorization rule: with a single require line, "any" and "all" are
        # equivalent. Only members of the kibana group are admitted.
        satisfy any;
        require group "cn=kibana,cn=groups,cn=accounts,dc=example,dc=com";
    }

    # ---- Catch-all virtual host ---------------------------------------------
    # Requests whose Host header matches no server_name land here; 444 makes
    # nginx close the connection without sending a response.
    server {
        listen 80 default_server;
        return 444;
    }

    # ---- Authenticated proxy ------------------------------------------------
    server {
        # NOTE(review): this listener is plain HTTP. auth_ldap relies on HTTP
        # Basic authentication, so the FreeIPA user name and password are sent
        # base64-encoded (not encrypted) with every request. Serve this vhost
        # over TLS, or make sure a TLS terminator sits in front of it.
        listen 80;
        server_name kibana.example.com;
        charset utf-8;

        location / {
            # The quoted string is the realm shown in the browser's login prompt.
            auth_ldap "Closed content";
            auth_ldap_servers freeipa01;

            # NOTE(review): nginx forwards the client's Authorization header
            # upstream by default, so the backend receives the user's directory
            # credentials. If the backend does not need them, clearing the
            # header with proxy_set_header is worth considering. The backend
            # should also listen on loopback only, so this proxy cannot be
            # bypassed; verify on the host.
            proxy_set_header Host $host;
            proxy_pass http://localhost:5601;
        }
    }
}