fuel-plugin-elasticsearch-kibana/deployment_scripts/puppet/modules/lma_logging_analytics/templates/apache_kibana_proxy_viewer.conf.erb

# ************************************
# Vhost template in module lma_logging_analytics
# Managed by Puppet
# ************************************

<VirtualHost <%= @listen_address %>:<%= @listen_port_viewer %>>
  ServerName kibana
  DocumentRoot "/opt/kibana"

  ProxyRequests Off

  <Proxy *>
    Order Allow,Deny
    Allow From All
    AuthName "Kibana Access"
    AuthType Basic
    AuthUserFile <%= @htpasswd_file %>
<% if @ldap_enabled -%>
    AuthBasicProvider file ldap
    AuthLDAPURL "<%= @ldap_protocol %>://<%= @ldap_url %>"
    AuthLDAPBindDN "<%= @ldap_bind_dn %>"
    AuthLDAPBindPassword <%= @ldap_bind_password %>
<% if @ldap_authorization_enabled -%>
    AuthLDAPGroupAttribute <%= @ldap_group_attribute %>
    AuthLDAPGroupAttributeIsDN off
    AuthBasicAuthoritative on
    <RequireAny>
    require user <%= @username %>
    Require ldap-group <%= @ldap_viewer_group_dn %>
    Require ldap-group <%= @ldap_admin_group_dn %>
    </RequireAny>
<% else -%>
    require valid-user
<% end -%>
<% else -%>
    require valid-user
<% end -%>
  </Proxy>

  ProxyPass / http://<%= @kibana_address %>:<%= @kibana_port %>
  ProxyPassReverse / http://<%= @kibana_address %>:<%= @kibana_port %>
  RewriteEngine on
  # Deleting is forbidden for viewers
  RewriteCond %{REQUEST_METHOD} DELETE
  RewriteRule .* - [F,L]
  # Creation/update is forbidden for viewers
  RewriteCond %{REQUEST_METHOD} POST
  RewriteCond %{QUERY_STRING} op_type=create
  RewriteRule .* - [F,L]
  # Passthrough the request to Kibana with the orginal query string
  RewriteRule .* http://<%= @kibana_address %>:<%= @kibana_port %>%{REQUEST_URI} [P,QSA,L]

  ErrorLog "/var/log/apache2/kibana_error.log"
  ServerSignature Off
  CustomLog "/var/log/apache2/kibana_access.log" combined
</VirtualHost>