# Run me with:
#
#     $ nginx -p /path/to/this/file/ -c nginx.conf
#
# All requests are then routed to authenticated user's index, so
#
#    GET http://user:password@localhost/_search?q=*
#
# is rewritten to:
#
#    GET http://localhost:9200/_search?q=*

worker_processes  1;

pid         nginx.pid;

events {
    worker_connections  1024;
}


http {

  server {

    listen       80;
    server_name  search.example.com;

    error_log   elasticsearch-errors.log;
    access_log  elasticsearch.log;

    location / {

      # Deny access to Cluster API
      if ($request_filename ~ "_cluster") {
        return 403;
        break;
      }

      # Pass requests to ElasticSearch
      proxy_pass http://localhost:9200;
      proxy_redirect off;
          
      proxy_set_header  X-Real-IP  $remote_addr;
      proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header  Host $http_host;

      # Authorize access
      auth_basic           "ElasticSearch";
      auth_basic_user_file passwords;

      # Route all requests to the root index
      rewrite ^(.*)$ $1 break;
      rewrite_log on;

      return 403;
    
    }
  }
}