server { listen 443 http2 ssl; listen [::]:443 http2 ssl; server_name {{ inventory_hostname }} {{ ec2['public_dns_name'] }} {{ ec2['private_dns_name'] }}; #auth_basic "Restricted Access"; #auth_basic_user_file /etc/nginx/htpasswd.users; ssl_certificate /etc/ssl/certs/{{ inventory_hostname }}.crt; ssl_certificate_key /etc/ssl/private/{{ inventory_hostname }}.key; # ssl_dhparam /etc/ssl/certs/dhparam.pem; location / { auth_basic "Restricted Access"; auth_basic_user_file /etc/nginx/htpasswd.users; proxy_pass {%- for node,meta in mu_deployment['servers']['backend'].items() %} {%- for k,v in meta.items() %} {%- if k in ["private_ip_address"] %} http://{{ v }}:5601; {%- endif %} {%- endfor %} {%- if not loop.last %},{%- endif %} {%- endfor %} proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection 'upgrade'; proxy_set_header Host $host; proxy_cache_bypass $http_upgrade; } #location /elastic { # set $proxy_port 9200; # proxy_pass http://localhost:9200; # proxy_http_version 1.1; # proxy_set_header Upgrade $http_upgrade; # proxy_set_header Connection 'upgrade'; # proxy_set_header Host $host; # proxy_cache_bypass $http_upgrade; #} #location /logstash { # proxy_pass http://localhost:5044; # proxy_http_version 1.1; # proxy_set_header Upgrade $http_upgrade; # proxy_set_header Connection 'upgrade'; # proxy_set_header Host $host; # proxy_cache_bypass $http_upgrade; #} error_page 404 /404.html; location = /404.html { } error_page 500 502 503 504 /50x.html; location = /50x.html { } }