#
# Generated by Chef
#

#disable certificate checking for now
LDAPVerifyServerCert Off

<VirtualHost redacted:80>
  ServerAdmin redacted@redacted
  ServerName netsyslog-rdd.net.redacted
  DocumentRoot /var/www/kibana3

 <IfModule mod_rewrite.c>
   RewriteEngine On
   RewriteCond %{HTTPS} off
   RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
 </IfModule>

 <Directory />
   Options FollowSymLinks
   AllowOverride None
 </Directory>
</VirtualHost>

<VirtualHost redacted:443>
  ServerAdmin redacted@redacted
  ServerName netsyslog-rdd.net.redacted
  DocumentRoot /var/www/kibana3
  <Directory />
    Options FollowSymLinks
    AllowOverride None
  </Directory>
  <Directory /var/www/kibana3 >
    Options -MultiViews
    Allow from all
  </Directory>
 # Set global proxy timeouts
  <Proxy http://127.0.0.1:9200>
    ProxySet connectiontimeout=5 timeout=90
  </Proxy>

  # Proxy for _aliases and .*/_search
  <LocationMatch "^/(_nodes|_aliases|.*/_aliases|_search|.*/_search|_mapping|.*/_mapping)$">
    ProxyPassMatch http://127.0.0.1:9200/$1
    ProxyPassReverse http://127.0.0.1:9200/$1
  </LocationMatch>

  # Proxy for kibana-int/{dashboard,temp} stuff (if you don't want auth on /, then you will want these to be protected)
  <LocationMatch "^/(kibana-int/dashboard/|kibana-int/temp)(.*)$">
    ProxyPassMatch http://127.0.0.1:9200/$1$2
    ProxyPassReverse http://127.0.0.1:9200/$1$2
  </LocationMatch>
  <Location />
    Allow from all
    Satisfy any

    AuthType Basic
    AuthName "Please login with short uid"
    AuthBasicProvider ldap

    AuthLDAPURL "ldaps://ldap-server:636/CN=Users,DC=hpcloud,DC=ms?sAMAccountName?sub?(objectClass=*)"
    AuthLDAPBindDN "CN=NetToolsApp,OU=Service Users,OU=Accounts,DC=hpcloud,DC=ms"
    AuthLDAPBindPassword "redactedpw"
    Require valid-user
  </Location>
  LogLevel info
  ErrorLog /var/log/apache2/netsyslog-rdd.net.redacted-error.log
  CustomLog /var/log/apache2/netsyslog-rdd.net.redacted-access.log combined

  SSLEngine on
  SSLCertificateFile /etc/ssl/certs/netsyslog-rdd.net.redacted.crt
  SSLCertificateKeyFile /etc/ssl/private/netsyslog-rdd.net.redacted.key

</VirtualHost>
