From 48a6fdcb157bb33599970d627f34a177411d469f Mon Sep 17 00:00:00 2001 From: Clark Boylan Date: Wed, 16 Oct 2013 12:35:13 -0700 Subject: [PATCH] Proxy ElasticSearch with mod_rewrite. * modules/logstash/templates/kibana.vhost.erb: Use mod_rewrite to proxy elasticsearch so that we can safely proxy _mapping. To do this safely we need to restrict requests to GETs. Also, add _nodes to the list of proxies URIs. Change-Id: Ibe86dc104c429c144b31fed547034ee14f7f2e1d --- modules/logstash/templates/kibana.vhost.erb | 32 ++++++++++++--------- 1 file changed, 18 insertions(+), 14 deletions(-) diff --git a/modules/logstash/templates/kibana.vhost.erb b/modules/logstash/templates/kibana.vhost.erb index 65e004b225..c2eebdb9d3 100644 --- a/modules/logstash/templates/kibana.vhost.erb +++ b/modules/logstash/templates/kibana.vhost.erb @@ -1,21 +1,25 @@ :80> - ServerName <%= scope.lookupvar("::logstash::web::vhost_name") %> - ServerAdmin <%= scope.lookupvar("::logstash::web::serveradmin") %> + ServerName <%= scope.lookupvar("::logstash::web::vhost_name") %> + ServerAdmin <%= scope.lookupvar("::logstash::web::serveradmin") %> - ErrorLog ${APACHE_LOG_DIR}/<%= scope.lookupvar("::logstash::web::vhost_name") %>-error.log + ErrorLog ${APACHE_LOG_DIR}/<%= scope.lookupvar("::logstash::web::vhost_name") %>-error.log - LogLevel warn + LogLevel warn - CustomLog ${APACHE_LOG_DIR}/<%= scope.lookupvar("::logstash::web::vhost_name") %>-access.log combined + CustomLog ${APACHE_LOG_DIR}/<%= scope.lookupvar("::logstash::web::vhost_name") %>-access.log combined - <% if proxy_elasticsearch == true %> - # Proxy for elasticsearch _aliases, .*/_status, and .*/_search. - - ProxyPassMatch http://<%= scope.lookupvar("::logstash::web::discover_nodes")[0] %>/$1 connectiontimeout=15 timeout=120 - - ProxyPassReverse /elasticsearch/ http://<%= scope.lookupvar("::logstash::web::discover_nodes")[0] %>/ - <% end %> + + <% if proxy_elasticsearch == true %> + # Proxy GETs for elasticsearch _aliases, .*/_status, .*/_search, + # .*/_mapping, _cluster/health, and _nodes. + RewriteEngine on + RewriteCond %{REQUEST_METHOD} GET + RewriteRule ^/elasticsearch/(_aliases|(.*/)?_status|(.*/)?_search|(.*/)?_mapping|_cluster/health|_nodes)$ http://<%= scope.lookupvar("::logstash::web::discover_nodes")[0] %>/$1 [P] + ProxySet http://<%= scope.lookupvar("::logstash::web::discover_nodes")[0] %>/ connectiontimeout=15 timeout=120 + ProxyPassReverse /elasticsearch/ http://<%= scope.lookupvar("::logstash::web::discover_nodes")[0] %>/ + <% end %> - ProxyPass / http://127.0.0.1:5601/ retry=0 - ProxyPassReverse / http://127.0.0.1:5601/ + ProxyPass / http://127.0.0.1:5601/ retry=0 + ProxyPassReverse / http://127.0.0.1:5601/ +