From 5c2e2417af17a3a82587517de6cfd18d34c6beea Mon Sep 17 00:00:00 2001
From: Will Bradley <bradley.will@gmail.com>
Date: Tue, 19 Nov 2013 06:40:37 +0000
Subject: [PATCH] Updating with kibana/src due to github changes, and htpasswd
 for security

---
 README.md                       | 7 ++++++-
 files/kibana/kibana.conf.j2     | 6 ++++--
 files/kibana/kibana.htpasswd.j2 | 1 +
 3 files changed, 11 insertions(+), 3 deletions(-)
 create mode 100644 files/kibana/kibana.htpasswd.j2

diff --git a/README.md b/README.md
index a65b4c4..c6ec4b9 100644
--- a/README.md
+++ b/README.md
@@ -24,11 +24,16 @@ and add
 foo.com
 ```
 
-Finally, unless your user account name is ubuntu with sudo access, you'll need to edit each playbook to change the username.
+Unless your user account name is ubuntu with sudo access, you'll need to edit each playbook to change the username.
 ```shell
 vi ./playbooks/*
 ```
 
+Finally, nginx/kibana will be configured with a password to prevent random people from browsing your stuff. That's in the files/kibana/kibana.htpasswd.j2 file. You might want to change the default username/password there (kibana/kibana):
+```shell
+vi ./files/kibana/kibana.htpasswd.j2
+```
+(Google for htpasswd generators if you're unfamiliar with how to make an htpasswd file.)
 
 ### Running Ansible
 
diff --git a/files/kibana/kibana.conf.j2 b/files/kibana/kibana.conf.j2
index b172c14..dd28f8b 100644
--- a/files/kibana/kibana.conf.j2
+++ b/files/kibana/kibana.conf.j2
@@ -1,7 +1,7 @@
 server {
   listen 80;
   server_name logs.notprod.pl;
-  root /var/www/kibana;
+  root /var/www/kibana/src/;
 
   # Set image format types to expire in a very long time
   location ~* ^.+\.(jpg|jpeg|gif|png|ico)$ {
@@ -17,12 +17,14 @@ server {
 
   # Catchall for everything else
   location / {
-    root /var/www/kibana;
+    root /var/www/kibana/src/;
     index index.html;
     expires 1d;
     try_files $uri/ $uri;
     if (-f $request_filename) {
       break;
     }
+    auth_basic "Restricted";
+    auth_basic_user_file /etc/nginx/conf.d/kibana.htpasswd;
   }
 }
diff --git a/files/kibana/kibana.htpasswd.j2 b/files/kibana/kibana.htpasswd.j2
new file mode 100644
index 0000000..aaffba6
--- /dev/null
+++ b/files/kibana/kibana.htpasswd.j2
@@ -0,0 +1 @@
+kibana:$apr1$VqB7zuBE$JaTUfOMIzOOJb0oCq8gbu/