Faidon Liambotis has uploaded a new change for review.
https://gerrit.wikimedia.org/r/107557
Change subject: kibana: redirect to HTTPS
......................................................................
kibana: redirect to HTTPS
We shouldn't pass credentials nor potentially sensitive loglines clear
over clear text. Since we're behind misc-web-lb, do the redirect based
on the X-Forwarded-Proto HTTP header.
Change-Id: Ie061e00bd067e08fc45729595f893c0411adb67e
---
M templates/kibana/apache.conf.erb
1 file changed, 6 insertions(+), 1 deletion(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/57/107557/1
diff --git a/templates/kibana/apache.conf.erb b/templates/kibana/apache.conf.erb
index 96a434d..42f4c6e 100644
--- a/templates/kibana/apache.conf.erb
+++ b/templates/kibana/apache.conf.erb
@@ -10,6 +10,11 @@
DocumentRoot <%= @deploy_dir %>/src
+ RewriteEngine on
+ RewriteCond %{HTTP:X-Forwarded-Proto} !https
+ RewriteCond %{REQUEST_URI} !^/status$
+ RewriteRule ^/(.*)$ https://<%= @hostname %>%{REQUEST_URI} [R=301,L]
+
<Directory />
Options FollowSymLinks
AllowOverride None
@@ -68,7 +73,7 @@
Header set Cache-Control "public, must-revalidate, max-age=900"
</LocationMatch>
- # Storage/retrival of saved dashboards via elasticsearch
+ # Storage/retrieval of saved dashboards via elasticsearch
<LocationMatch "^/(kibana-int/dashboard/|kibana-int/temp)(.*)$">
ProxyPassMatch http://<%= @es_host %>:<%= @es_port %>/$1$2
ProxyPassReverse http://<%= @es_host %>:<%= @es_port %>/$1$2
--
To view, visit https://gerrit.wikimedia.org/r/107557
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: Ie061e00bd067e08fc45729595f893c0411adb67e
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Faidon Liambotis <fai...@wikimedia.org>
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
