AWS ElasticSearch — NGINX reverse Proxy for accessing Kibana.

What is NGINX?

Creating an Nginx reverse proxy server in the same VPC public subnet

Nginx Reverse Proxy Architechture

Lets quickly look at the ElasticSearch server-

ES in the Private Subnet

Configuring Reverse Proxy server-

Choose the ubuntu server
configure the instance and make sure it attached to the public subnet of the VPC
You should have a server now running with the above configuration

sudo apt-get install nginx
sudo apt-get install apache2-utils
user root;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;

# Load dynamic modules. See /usr/share/nginx/README.fedora.
include /usr/share/nginx/modules/*.conf;

events {
worker_connections 1024;
}

http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';

access_log /var/log/nginx/access.log main;

sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;

# Load modular configuration files from the /etc/nginx/conf.d directory.
include /etc/nginx/conf.d/*.conf;

server {
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
server_name _;

# Comment out the following two lines if you do not want to enable HTTP Basic Authentication
auth_basic "Restricted Access";
auth_basic_user_file /etc/nginx/conf.d/.htpasswd;

location / {
# Set Host to match ES endpoint
proxy_set_header Host vpc-xxx-xxx-xxxx-xxxxxx.us-west-2.es.amazonaws.com;

# We want to be sure that we are sending instance IP instead of browser's IP
proxy_set_header X-Real-IP xx.xx.xx.136;

# Various headers
proxy_http_version 1.1;
proxy_set_header Connection "Keep-Alive";
proxy_set_header Proxy-Connection "Keep-Alive";
proxy_set_header Authorization "";

# Forward requests to ES, please use https
proxy_pass https://vpc-xxx-xxx-xxxx-xxxxxx.us-west-2.es.amazonaws.com;
}

location /kibana {
# Set Host to match ES endpoint
proxy_set_header Host vpc-xxx-xxx-xxxx-xxxxxx.us-west-2.es.amazonaws.com;
# We want to be sure that we are sending instance IP instead of browser's IP
proxy_set_header X-Real-IP xx.xx.xx.136;
# Various headers

proxy_http_version 1.1;
proxy_set_header Connection "Keep-Alive";
proxy_set_header Proxy-Connection "Keep-Alive";
proxy_set_header Authorization "";

# Forward requests to Kibana, please use https and /_plugin/kibana/
proxy_pass https://vpc-xxx-xxx-xxxx-xxxxxx.us-west-2.es.amazonaws.com/_plugin/kibana/;

# Ensure that requests are coming back to /kibana/
proxy_redirect https://vpc-xxx-xxx-xxxx-xxxxxx.us-west-2.es.amazonaws.com/_plugin/kibana/ http://xx.xx.xx.136/kibana/;
}
}
}
cd /etc/nginx/conf.d/.htpasswd
sudo htpasswd -c <username>
sudo nginx -t
sudo service nginx restart

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store