From 951d7d428fb7570c4bf8f8908ac31a1f0e801e68 Mon Sep 17 00:00:00 2001
From: Adar Nimrod <nimrod@shore.co.il>
Date: Mon, 17 May 2021 00:14:43 +0300
Subject: [PATCH] Move the Elasticsearch stack to ns4.

---
 conf.d/elasticsearch.shore.co.il.conf | 28 ++++++++++++++++++++++++++
 conf.d/kibana.shore.co.il.conf        | 29 +++++++++++++++++++++++++++
 2 files changed, 57 insertions(+)
 create mode 100644 conf.d/elasticsearch.shore.co.il.conf
 create mode 100644 conf.d/kibana.shore.co.il.conf

diff --git a/conf.d/elasticsearch.shore.co.il.conf b/conf.d/elasticsearch.shore.co.il.conf
new file mode 100644
index 0000000..051d4ba
--- /dev/null
+++ b/conf.d/elasticsearch.shore.co.il.conf
@@ -0,0 +1,28 @@
+map $host $es { default elasticsearch; }
+
+server {
+    listen      80;
+    listen      [::]:80;
+    server_name elasticsearch.shore.co.il;
+    include     snippets/robots-disallow-all.conf;
+    include     snippets/ads-txt.conf;
+    include     snippets/security-txt.conf;
+    include     snippets/www-acme-challenge.conf;
+    include     snippets/redirect-https.conf;
+}
+
+server {
+    listen      443 ssl http2;
+    listen      [::]:443 ssl http2;
+    server_name elasticsearch.shore.co.il;
+    include     snippets/robots-disallow-all.conf;
+    include     snippets/ads-txt.conf;
+    include     snippets/security-txt.conf;
+    include     snippets/ssl.conf;
+
+    location / {
+        proxy_pass              http://$es:9200$request_uri;
+        proxy_http_version      1.1;
+        include                 snippets/allow-shore-ips.conf;
+    }
+}
diff --git a/conf.d/kibana.shore.co.il.conf b/conf.d/kibana.shore.co.il.conf
new file mode 100644
index 0000000..d45ddb7
--- /dev/null
+++ b/conf.d/kibana.shore.co.il.conf
@@ -0,0 +1,29 @@
+map $host $kibana { default kibana; }
+
+server {
+    listen      80;
+    listen      [::]:80;
+    server_name kibana.shore.co.il;
+    include     snippets/robots-disallow-all.conf;
+    include     snippets/ads-txt.conf;
+    include     snippets/security-txt.conf;
+    include     snippets/www-acme-challenge.conf;
+    include     snippets/redirect-https.conf;
+}
+
+server {
+    listen      443 ssl http2;
+    listen      [::]:443 ssl http2;
+    server_name kibana.shore.co.il;
+    include     snippets/robots-disallow-all.conf;
+    include     snippets/ads-txt.conf;
+    include     snippets/security-txt.conf;
+    include     snippets/ssl.conf;
+    include     snippets/vouch.conf;
+
+    location / {
+        proxy_pass              http://$kibana:5601$request_uri;
+        proxy_http_version      1.1;
+        include                 snippets/proxy-headers.conf;
+    }
+}
-- 
GitLab