| 12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061 |
- # Courtesy of https://github.com/sgzijl
- # config.js includes elasticsearch: "https://"+window.location.hostname+":443",
- <VirtualHost 1.2.3.4:80>
- ServerName your.domain.tld
- RewriteEngine On
- RewriteCond %{HTTPS} off
- RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
- </VirtualHost>
-
- <VirtualHost 1.2.3.4:443>
- ServerName your.domain.tld
-
- SSLEngine on
- SSLCertificateFile /path/to/public.crt
- SSLCertificateKeyFile /path/to/private.key
-
- DocumentRoot /path/to/kibana3
- <Directory /path/to/kibana3>
- Allow from all
- Options -Multiviews
- </Directory>
-
- LogLevel debug
- ErrorLog /path/to/logs/error_log
- CustomLog /path/to/logs/access_log combined
-
- # Set global proxy timeouts
- <Proxy http://127.0.0.1:9200>
- ProxySet connectiontimeout=5 timeout=90
- </Proxy>
-
- # Proxy for _aliases and .*/_search
- <LocationMatch "^(/_aliases|.*/_search|.*/_mapping)$">
- ProxyPassMatch http://127.0.0.1:9200
- ProxyPassReverse http://127.0.0.1:9200
- </LocationMatch>
-
- # Proxy for kibana-int/{dashboard,temp} stuff (if you don't want auth on /, then you will want these to be protected)
- <LocationMatch "^(/kibana-int/dashboard/|/kibana-int/temp).*$">
- ProxyPassMatch http://127.0.0.1:9200
- ProxyPassReverse http://127.0.0.1:9200
- </LocationMatch>
-
- # Optional disable auth for a src IP (eg: your monitoring host or subnet)
- <Location />
- Allow from 5.6.7.8
- Deny from all
- Satisfy any
-
- AuthLDAPBindDN "CN=_ldapbinduser,OU=Users,DC=example,DC=com"
- AuthLDAPBindPassword "ldapbindpass"
- AuthLDAPURL "ldaps://ldap01.example.com ldap02.example.com/OU=Users,DC=example,DC=com?sAMAccountName?sub?(objectClass=*)"
- AuthType Basic
- AuthBasicProvider ldap
- AuthName "Please authenticate for Example dot com"
- AuthLDAPGroupAttributeIsDN on
- require valid-user
- </Location>
-
- </VirtualHost>
|
