@@ -0,0 +1,97 @@
<VirtualHost *:80 >
ServerAdmin [email protected]
ServerName elasticsearch.domain.tld
ServerAlias kibana.domain.tld
DocumentRoot /path/to/kibana/docroot
<Directory / >
Options FollowSymLinks
AllowOverride None
</Directory >
<Directory /path/to/kibana/docroot >
Options -Indexes FollowSymLinks -MultiViews
AllowOverride all
Order allow,deny
allow from all
</Directory >
ErrorLog ${APACHE_LOG_DIR}/elasticsearch.domain.tld.error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/elasticsearch.domain.tld.log combined
# To redirect all Traffic to SSL uncomment the following lines.
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</VirtualHost >
#If you have SSL enabled for this host, uncomment the following vhost declaration
<IfModule mod_ssl.c >
<VirtualHost *:443 >
ServerAdmin [email protected]
ServerName elasticsearch.domain.tld
ServerAlias kibana.domain.tld
DocumentRoot /path/to/kibana/docroot
<Directory / >
Options FollowSymLinks
AllowOverride None
</Directory >
<Directory /path/to/kibana/docroot >
Options -MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory >
# SSL Info
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/CERT
SSLCertificateKeyFile /etc/apache2/ssl/CERTKEY
SSLCACertificateFile /etc/apache2/ssl/CERTCA
<FilesMatch "\.(cgi|shtml|phtml|php)$" >
SSLOptions +StdEnvVars
</FilesMatch >
<Directory /usr/lib/cgi-bin >
SSLOptions +StdEnvVars
</Directory >
BrowserMatch "MSIE [2 -6 ]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1 .0 force-response-1 .0
# MSIE 7 and newer should be able to use keepalive
BrowserMatch "MSIE [7 -9 ]" ssl-unclean-shutdown
ErrorLog ${APACHE_LOG_DIR}/ssl-elasticsearch.domain.tld.error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/ssl-elasticsearch.domain.tld.log combined
# Set global proxy timeouts
<Proxy http://elasticsearch.domain.tld:9200 >
ProxySet connectiontimeout=5 timeout=90
</Proxy >
# Proxy for _aliases and .*/_search
<LocationMatch "^(/_aliases|.*/_search|.*/_mapping)$" >
ProxyPassMatch http://elasticsearch.domain.tld:9200
ProxyPassReverse http://elasticsearch.domain.tld:9200
</LocationMatch >
# Proxy for kibana-int/{dashboard,temp} stuff (if you don't want auth on /, then you will want these to be protected)
<LocationMatch "^(/kibana-int/dashboard/|/kibana-int/temp).*$" >
ProxyPassMatch http://elasticsearch.domain.tld:9200
ProxyPassReverse http://elasticsearch.domain.tld:9200
</LocationMatch >
<Location / >
AuthLDAPBindDN "BINDDN"
AuthLDAPBindPassword "PASSWORD"
AuthLDAPURL "LDAPURL"
AuthType Basic
AuthBasicProvider ldap
AuthName "Please authenticate for kibana"
AuthzLDAPAuthoritative on
Require ldap-user USERID
</Location >
</VirtualHost >
</IfModule >
jerrac created this gist