I am using reverse proxy w/ nginx in an ELK stack to access kibana dashboards over ssl. Works fine for kibana with following mostly "canned" config but I can't find the correct location block control to access a 2nd root directory path for ES plugins like HQ and BigDesk. All my.domain requests serve from
/var/www/html/kibana3 ... as for example https://my.domain/#/dashboard/elasticsearch/.... whether I enter my.domain or my.domain/HQ/_site/
I would like something like my.domain/HQ/_site/ to serve from /usr/share/elasticsearch/plugins/HQ/_site.
... or maybe a much cleaner way to do this?
Following is one of many attempted configs.
server server_name my.domain; return 301 https://my.domain; } server { listen *:443; ssl on; ssl_certificate /etc/pki/tls/certs/localhost.crt; ssl_certificate_key /etc/pki/tls/private/localhost.key; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers HIGH:!aNULL:!MD5; server_name my.domain; access_log /var/log/nginx/kibana3.access.log; root /var/www/html/kibana3; index index.html index.htm index.php; location / { auth_basic "Restricted"; auth_basic_user_file /etc/nginx/conf.d/kibana.htpasswd; } location ~ ^/_aliases$ { proxy_pass http://111.222.333.14:9200; proxy_read_timeout 90; auth_basic "Restricted"; auth_basic_user_file /etc/nginx/conf.d/kibana.htpasswd; } location ~ ^/.*/_aliases$ { proxy_pass http://111.222.333.14:9200; proxy_read_timeout 90; auth_basic "Restricted"; auth_basic_user_file /etc/nginx/conf.d/kibana.htpasswd; } location ~ ^/_nodes$ { proxy_pass http://111.222.333.14:9200; proxy_read_timeout 90; auth_basic "Restricted"; auth_basic_user_file /etc/nginx/conf.d/kibana.htpasswd; } location ~ /HQ/_site/ { root /usr/share/elasticsearch/plugins; index index.html proxy_pass http://111.222.333.14:9200; proxy_read_timeout 90; auth_basic "Restricted"; auth_basic_user_file /etc/nginx/conf.d/kibana.htpasswd; } location ~ ^/.*/_search$ { proxy_pass http://111.222.333.14:9200; proxy_read_timeout 90; auth_basic "Restricted"; auth_basic_user_file /etc/nginx/conf.d/kibana.htpasswd; } location ~ ^/.*/_mapping { proxy_pass http://111.222.333.14:9200; proxy_read_timeout 90; auth_basic "Restricted"; auth_basic_user_file /etc/nginx/conf.d/kibana.htpasswd; } # Password protected end points location ~ ^/kibana-int/dashboard/.*$ { proxy_pass http://111.222.333.14:9200; proxy_read_timeout 90; limit_except GET { proxy_pass http://111.222.333.14:9200; auth_basic "Restricted"; auth_basic_user_file /etc/nginx/conf.d/kibana.htpasswd; } } location ~ ^/kibana-int/temp.*$ { proxy_pass http://111.222.333.14:9200; proxy_read_timeout 90; limit_except GET { proxy_pass http://111.222.333.14:9200; auth_basic "Restricted"; auth_basic_user_file /etc/nginx/conf.d/kibana.htpasswd; } } location ~ \.php$ { include /etc/nginx/fastcgi_params; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME /var/www/html/kibana3$fastcgi_script_name; }