-
-
Save seza443/40eec5fa8be6d5293c63cd766a9d4efc to your computer and use it in GitHub Desktop.
Proxy server - Nginx configuration for Kibana-ElasticSearch read-only access
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Config: /etc/nginx/conf.d/kibana.conf | |
| server { | |
| listen 80; | |
| server_name PROXY_URL; | |
| # Read only access to Kibana | |
| # deny other than get/post/options/head | |
| # allow post when used with _search/_msearch/_mget | |
| # allow get/options/head | |
| set $posting 11; | |
| if ( $request_method !~ ^(GET|POST|OPTIONS|HEAD)$ ) { return 405; } | |
| if ( $request_method = POST ) { set $posting 1; } | |
| if ( $request_uri ~ ^/(.+)/(_search|_mget|_msearch|_field_stats|_bulk_get)(.*)$ ) { set $posting "${posting}1"; } | |
| if ( $request_method ~ ^(GET|OPTIONS|HEAD)$ ) { set $posting 11; } | |
| if ( $posting != 11 ) { return 403; } | |
| location / { | |
| proxy_pass YOUR_ELASTIC_ENDOINT_URL; | |
| # proxy_redirect YOUR_ELASTIC_ENDOINT_URL /; | |
| proxy_http_version 1.1; | |
| proxy_set_header Host $host; | |
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
| proxy_set_header X-Real-IP $remote_addr; | |
| proxy_set_header Authorization ""; | |
| proxy_hide_header Authorization; | |
| # Password protection via Basic HTTP Authentication | |
| auth_basic "Username and Password are required"; | |
| auth_basic_user_file /etc/nginx/.htpasswd; | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add a new username and password to /etc/nginx/.htpasswd