From b3b5586a16f13a39505a2aaef163f12c0cd617f9 Mon Sep 17 00:00:00 2001
From: jurgenhaas <juergen@paragon-es.de>
Date: Thu, 27 Jun 2019 17:22:17 +0200
Subject: [PATCH] ansible-roles/elasticsearch#15 Configure elasticsearch,
 kibana and haproxy for xpack security

---
 templates/haproxy_cfg.jinja2 | 15 +++------------
 1 file changed, 3 insertions(+), 12 deletions(-)

diff --git a/templates/haproxy_cfg.jinja2 b/templates/haproxy_cfg.jinja2
index 4bb8cb9..fa327e4 100644
--- a/templates/haproxy_cfg.jinja2
+++ b/templates/haproxy_cfg.jinja2
@@ -42,13 +42,6 @@ listen stats
   stats admin if TRUE
   stats uri /haproxy_stats
   stats realm LoadBalancerStats
-{% if kibana_users is defined %}
-
-userlist kibana
-{% for user in kibana_users %}
-  user {{ user.username }} insecure-password '{{ user.password }}'
-{% endfor %}
-{% endif %}
 {% if haproxy_private is defined %}
 
 userlist notprivate
@@ -148,7 +141,7 @@ frontend http_in
   http-request set-header x-routing-host {{ routing.default }} if !letsencrypt_challenge { hdr(x-routing-host) undefined } { hdr(host) -i -n {{ routing.domain }} }
 {% endif %}
   use_backend backend_letsencrypt if letsencrypt_challenge
-{% if kibana_users is defined %}
+{% if kibana_domain is defined %}
   acl kibana_present hdr(host) -i -n '{{ kibana_domain|default(inventory_hostname) }}'
   use_backend backend_redirect_ssl if kibana_present
 {% endif %}
@@ -289,7 +282,7 @@ frontend https_in_{{ cert.ip }}
 {% if routing is defined and routing.default is defined %}
   http-request set-header x-routing-host {{ routing.default }} if { hdr(x-routing-host) undefined } { hdr(host) -i -n {{ routing.domain }} }
 {% endif %}
-{% if kibana_users is defined %}
+{% if kibana_domain is defined %}
   acl kibana_present hdr(host) -i -n '{{ kibana_domain|default(inventory_hostname) }}'
   use_backend backend_kibana if kibana_present
 {% endif %}
@@ -470,13 +463,11 @@ backend backend_letsencrypt
   http-response set-header X-Proxy-Backend "letsencrypt"
 {% endif %}
   server letsencrypt 127.0.0.1:54321
-{% if kibana_users is defined %}
+{% if kibana_domain is defined %}
 
 backend backend_kibana
 {% if proxy_debug %}
   http-response set-header X-Proxy-Backend "kibana"
 {% endif %}
   server kibana 127.0.0.1:5601 check maxconn 32
-  acl kibana_auth http_auth(kibana) if kibana_present
-  http-request auth realm Kibana if !kibana_auth
 {% endif %}
-- 
GitLab