Skip to content
Snippets Groups Projects
Commit b3b5586a authored by jurgenhaas's avatar jurgenhaas
Browse files

ansible-roles/elasticsearch#15 Configure elasticsearch, kibana and haproxy for xpack security

parent d84d1a50
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
templates/haproxy_cfg.jinja2
+ 3
12
View file @ b3b5586a
...@@ -42,13 +42,6 @@ listen stats ...@@ -42,13 +42,6 @@ listen stats
stats admin if TRUE stats admin if TRUE
stats uri /haproxy_stats stats uri /haproxy_stats
stats realm LoadBalancerStats stats realm LoadBalancerStats
{% if kibana_users is defined %}
userlist kibana
{% for user in kibana_users %}
user {{ user.username }} insecure-password '{{ user.password }}'
{% endfor %}
{% endif %}
{% if haproxy_private is defined %} {% if haproxy_private is defined %}
userlist notprivate userlist notprivate
...@@ -148,7 +141,7 @@ frontend http_in ...@@ -148,7 +141,7 @@ frontend http_in
http-request set-header x-routing-host {{ routing.default }} if !letsencrypt_challenge { hdr(x-routing-host) undefined } { hdr(host) -i -n {{ routing.domain }} } http-request set-header x-routing-host {{ routing.default }} if !letsencrypt_challenge { hdr(x-routing-host) undefined } { hdr(host) -i -n {{ routing.domain }} }
{% endif %} {% endif %}
use_backend backend_letsencrypt if letsencrypt_challenge use_backend backend_letsencrypt if letsencrypt_challenge
{% if kibana_users is defined %} {% if kibana_domain is defined %}
acl kibana_present hdr(host) -i -n '{{ kibana_domain|default(inventory_hostname) }}' acl kibana_present hdr(host) -i -n '{{ kibana_domain|default(inventory_hostname) }}'
use_backend backend_redirect_ssl if kibana_present use_backend backend_redirect_ssl if kibana_present
{% endif %} {% endif %}
...@@ -289,7 +282,7 @@ frontend https_in_{{ cert.ip }} ...@@ -289,7 +282,7 @@ frontend https_in_{{ cert.ip }}
{% if routing is defined and routing.default is defined %} {% if routing is defined and routing.default is defined %}
http-request set-header x-routing-host {{ routing.default }} if { hdr(x-routing-host) undefined } { hdr(host) -i -n {{ routing.domain }} } http-request set-header x-routing-host {{ routing.default }} if { hdr(x-routing-host) undefined } { hdr(host) -i -n {{ routing.domain }} }
{% endif %} {% endif %}
{% if kibana_users is defined %} {% if kibana_domain is defined %}
acl kibana_present hdr(host) -i -n '{{ kibana_domain|default(inventory_hostname) }}' acl kibana_present hdr(host) -i -n '{{ kibana_domain|default(inventory_hostname) }}'
use_backend backend_kibana if kibana_present use_backend backend_kibana if kibana_present
{% endif %} {% endif %}
...@@ -470,13 +463,11 @@ backend backend_letsencrypt ...@@ -470,13 +463,11 @@ backend backend_letsencrypt
http-response set-header X-Proxy-Backend "letsencrypt" http-response set-header X-Proxy-Backend "letsencrypt"
{% endif %} {% endif %}
server letsencrypt 127.0.0.1:54321 server letsencrypt 127.0.0.1:54321
{% if kibana_users is defined %} {% if kibana_domain is defined %}
backend backend_kibana backend backend_kibana
{% if proxy_debug %} {% if proxy_debug %}
http-response set-header X-Proxy-Backend "kibana" http-response set-header X-Proxy-Backend "kibana"
{% endif %} {% endif %}
server kibana 127.0.0.1:5601 check maxconn 32 server kibana 127.0.0.1:5601 check maxconn 32
acl kibana_auth http_auth(kibana) if kibana_present
http-request auth realm Kibana if !kibana_auth
{% endif %} {% endif %}
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment