From 8d08283304ee07ec5bca6aa9cd4e86314ba23ee5 Mon Sep 17 00:00:00 2001
From: jurgenhaas <juergen@paragon-es.de>
Date: Thu, 17 Mar 2016 13:17:35 +0100
Subject: [PATCH] Use HaProxy to authenticate requests to Kibana

---
 templates/haproxy_cfg | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/templates/haproxy_cfg b/templates/haproxy_cfg
index d27f4b6..0be6aac 100644
--- a/templates/haproxy_cfg
+++ b/templates/haproxy_cfg
@@ -40,11 +40,22 @@ listen stats
   stats admin if TRUE
   stats uri /haproxy_stats
   stats realm LoadBalancerStats
+{% if kibana_users is defined %}
+
+userlist kibana
+{% for user in kibana_users %}
+  user {{ user.username }} insecure-password '{{ user.password }}'
+{% endfor %}
+{% endif %}
 
 frontend http_in
   bind *:80
   acl blockedip src  -i -f /etc/haproxy/blacklist
   http-request deny if blockedip
+{% if kibana_users is defined %}
+  acl kibana_present hdr_dom(host) -i '{{ inventory_hostname }}'
+  use_backend backend_kibana if kibana_present
+{% endif %}
 {% if varnish_host|default(false) %}
   acl static_content path_end .jpg .jpeg .gif .png .ico .swf .css .js .htm .html
   use_backend backend_varnish if static_content
@@ -114,3 +125,10 @@ backend backend_redirect_ssl
 
 backend backend_redirect
   redirect scheme http if TRUE
+{% if kibana_users is defined %}
+
+backend backend_kibana
+  server kibana 127.0.0.1:5601 maxconn 32
+  acl kibana_auth http_auth(kibana) if kibana_present
+  http-request auth realm Kibana if !kibana_auth
+{% endif %}
-- 
GitLab