nginx - Limit HTTP verbs without redundant config -

nginx - Limit HTTP verbs without redundant config -

i've got elasticsearch cluster plus logstash , kibana, , want expose read-only window indexes, exception of index kibana-int dashboards can saved.

i've found suitable es proxy config, , i've modified utilize limit_except disallow write/modify other indexes, much of config needlessly duplicated. there cleaner way define this?

upstream elasticsearch { server es-01.iad.company.com:9200; server es-02.iad.company.com:9200; } server { hear 9200; server_name elasticsearch.proxy; client_max_body_size 50m; location / { limit_except post head options { deny all; } proxy_pass http://elasticsearch; proxy_redirect off; proxy_set_header connection ""; proxy_set_header x-real-ip $remote_addr; proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for; proxy_set_header host $http_host; proxy_pass_header access-control-allow-origin; proxy_pass_header access-control-allow-methods; proxy_hide_header access-control-allow-headers; add_header access-control-allow-headers 'x-requested-with, content-type'; add_header access-control-allow-credentials true; } location /kibana-int/ { proxy_pass http://elasticsearch; proxy_redirect off; proxy_set_header connection ""; proxy_set_header x-real-ip $remote_addr; proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for; proxy_set_header host $http_host; proxy_pass_header access-control-allow-origin; proxy_pass_header access-control-allow-methods; proxy_hide_header access-control-allow-headers; add_header access-control-allow-headers 'x-requested-with, content-type'; add_header access-control-allow-credentials true; } }

there several ways:

solution 1

you set repeating config file , include it.

your config:

upstream elasticsearch { server es-01.iad.company.com:9200; server es-02.iad.company.com:9200; } server { hear 9200; server_name elasticsearch.proxy; client_max_body_size 50m; location / { limit_except post head options { deny all; } include proxy.inc; } location /kibana-int/ { include proxy.inc; } }

proxy.inc:

proxy_pass http://elasticsearch; proxy_redirect off; proxy_set_header connection ""; proxy_set_header x-real-ip $remote_addr; proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for; proxy_set_header host $http_host; proxy_hide_header access-control-allow-headers; add_header access-control-allow-headers 'x-requested-with, content-type'; add_header access-control-allow-credentials true; solution 2

other way utilize nginx's directive inheritance.

upstream elasticsearch { server es-01.iad.company.com:9200; server es-02.iad.company.com:9200; } server { hear 9200; server_name elasticsearch.proxy; client_max_body_size 50m; proxy_redirect off; proxy_set_header connection ""; proxy_set_header x-real-ip $remote_addr; proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for; proxy_set_header host $http_host; proxy_hide_header access-control-allow-headers; add_header access-control-allow-headers 'x-requested-with, content-type'; add_header access-control-allow-credentials true; location / { limit_except post head options { deny all; } proxy_pass http://elasticsearch; } location /kibana-int/ { proxy_pass http://elasticsearch; } }

btw, proxy_pass_header directives needless. nginx proxies headers default.

nginx