@philwinder
Last active December 20, 2018 01:31
IVZ: An nginx configuration file to allow groups of users to access different parts of an Elasticsearch instance.
events {
    worker_connections 1024;
}

http {
    upstream elasticsearch {
        server 127.0.0.1:9200;
    }

    upstream kibana {
        server 127.0.0.1:5601;
    }

    # Allow read access to log and monitor for authenticated "users"
    #
    server {
        listen 8080;

        # Regex locations are tested in the order written and the first match
        # wins, so every URI containing "monitor-" is handled by this block.
        # The pattern is unanchored: it matches anywhere in the URI path.
        location ~* (monitor-) {
            auth_basic "Elasticsearch users";
            auth_basic_user_file /etc/nginx/auth/users.auth;
            # Only GET and HEAD are allowed; every other method is denied.
            limit_except GET HEAD {
                deny all;
            }
            proxy_pass http://elasticsearch;
            proxy_redirect off;
        }

        # Reached only by URIs that contain "log-" and do not contain
        # "monitor-", because the block above matches those first.
        location ~* (monitor-|log-) {
            auth_basic "Elasticsearch devs";
            auth_basic_user_file /etc/nginx/auth/devs.auth;
            limit_except GET HEAD POST {
                deny all;
            }
            proxy_pass http://elasticsearch;
            proxy_redirect off;
        }

        # Everything else: admins only, all methods.
        location / {
            auth_basic "Elasticsearch Admins";
            auth_basic_user_file /etc/nginx/auth/admins.auth;
            proxy_pass http://elasticsearch;
            proxy_redirect off;
        }

        # For kibana, re-routes traffic from host:8080/kibana4 to host:5601/
        location ~ ^/kibana4/.* {
            auth_basic "Elasticsearch devs";
            auth_basic_user_file /etc/nginx/auth/devs.auth;
            proxy_pass http://kibana;
            rewrite ^/kibana4/(.*) /$1 break;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }

        # To allow host:8080/kibana4 (no trailing slash) to work
        location ~ ^/kibana4 {
            rewrite ^([^.]*[^/])$ $1/ permanent;
        }
    }
}
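A review aid for the server block above, added here as an example and not part of the original gist: a simplified Python model of how nginx picks a location for this configuration (regex locations in file order, first match wins, prefix `/` as fallback). The function names, index names and request paths are constructed for illustration.

```python
import re

# Simplified model of the server block (an assumption, not nginx itself):
# regex locations are tried in file order and the first match wins; the
# prefix location "/" is used only when no regex location matches.
REGEX_LOCATIONS = [
    # (pattern, case-insensitive, auth file, methods allowed by limit_except)
    (r"(monitor-)", True, "users.auth", {"GET", "HEAD"}),
    (r"(monitor-|log-)", True, "devs.auth", {"GET", "HEAD", "POST"}),
    (r"^/kibana4/.*", False, "devs.auth", None),  # None = no limit_except
    (r"^/kibana4", False, None, None),            # redirect only, no auth
]
FALLBACK = ("/", "admins.auth", None)


def select_location(path):
    """Return (location, auth_file, allowed_methods) for a URI path without query string."""
    for pattern, icase, auth, methods in REGEX_LOCATIONS:
        if re.search(pattern, path, re.I if icase else 0):
            return pattern, auth, methods
    return FALLBACK


def decision(method, path):
    """Return 'deny' if limit_except rejects the method, else the auth file gating the request."""
    _, auth, methods = select_location(path)
    if methods is not None and method not in methods:
        return "deny"
    return auth


# Constructed request paths covering each block and two edge cases:
# a POST to a monitor- index, and a comma-separated multi-index path.
SAMPLES = [
    ("GET", "/monitor-2015.01/_search"),
    ("POST", "/monitor-2015.01/_search"),
    ("POST", "/log-2015.01/_search"),
    ("GET", "/log-2015.01,monitor-2015.01/_search"),
    ("DELETE", "/log-2015.01"),
    ("GET", "/_cluster/health"),
]

if __name__ == "__main__":
    for method, path in SAMPLES:
        print(f"{method:6} {path:40} -> {decision(method, path)}")
```

The multi-index row shows why the unanchored patterns deserve review: a path naming a `log-` index together with a `monitor-` index is gated by `users.auth`, not `devs.auth`.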