We will set all of this up on lighttpd. First, let's install the necessary packages:

apt install lighttpd lighttpd-mod-authn-ldap

Next, configure it:

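# Reverse proxy with LDAP-backed HTTP Basic authentication:
#   - port 80 only redirects to HTTPS,
#   - port 443 terminates TLS, authenticates against LDAP, then proxies to
#     the local backend on 127.0.0.1:5601.
server.modules += ("mod_auth")
server.modules += ("mod_proxy")
server.modules += ("mod_redirect")
server.modules += ("mod_accesslog")
# NOTE(review): depending on the lighttpd version and how the distribution
# package enables modules, "mod_authn_ldap" (and "mod_openssl" on newer
# releases) may also have to be loaded; confirm against the installed version.

accesslog.filename = "/var/log/lighttpd/logs-access.log"

# Plain HTTP: never serve content, only redirect to the HTTPS listener.
$SERVER["socket"] == ":80" {
    # %0 is the host matched by the condition, $0 the requested URL.
    # The host comes from the client-supplied Host header; match the expected
    # hostname here instead of ".*" if redirects must stay on one name.
    $HTTP["host"] =~ ".*" {
        url.redirect = ("^(.*)" => "https://%0$0")
    }
}

$SERVER["socket"] == ":443" {
    protocol = "https://"
    ssl.engine  = "enable"
    # The pemfile holds the private key; keep it readable by root/lighttpd only.
    ssl.pemfile = "/etc/lighttpd/ssl/server.pem"
    ssl.use-sslv2 = "disable"
    # SSLv3 is as unsuitable as SSLv2 for carrying Basic-auth credentials.
    # On newer lighttpd releases the protocol floor is set through
    # ssl.openssl.ssl-conf-cmd ("MinProtocol") instead of these switches.
    ssl.use-sslv3 = "disable"

    auth.backend = "ldap"
    auth.backend.ldap.hostname = "ldap.corp.example.com:389"
    # Port 389 is cleartext LDAP: without StartTLS the service-account bind
    # password and every user's password cross the network unencrypted.
    auth.backend.ldap.starttls = "enable"
    # CA certificate used to verify the LDAP server; replace the placeholder.
    auth.backend.ldap.ca-file = "{path-to-ldap-ca.pem}"
    auth.backend.ldap.base-dn = "DC=corp,DC=example,DC=com"
    # Service account used to look users up; give it read-only directory
    # access and nothing else.
    auth.backend.ldap.bind-dn = "CN=kibana,OU=Accounts,DC=corp,DC=example,DC=com"
    # The password sits in this file in clear text: restrict the file's
    # permissions and keep it out of version control.
    auth.backend.ldap.bind-pw = "{password}"
    # "$" is replaced with the user name supplied in the Basic-auth prompt.
    auth.backend.ldap.filter = "(sAMAccountName=$)"
    # Keep this disabled: an LDAP simple bind with an empty password can be
    # treated by the directory as an anonymous bind and succeed.
    auth.backend.ldap.allow-empty-pw = "disable"

    # Require a valid LDAP user for every path before anything is proxied.
    auth.require = (
        "/" => (
            "method" => "basic",
            "realm" => "corp.example.com",
            "require" => "valid-user"
        )
    )

    # Everything is forwarded to the backend on localhost. The backend itself
    # must listen on 127.0.0.1 only; if port 5601 is reachable from the
    # network, clients can bypass this authentication entirely.
    proxy.server = ("" => (("host" => "127.0.0.1", "port" => "5601")))
}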