nginx / login-only settings for elasticsearch and kibana?

[cboettig]

Do we want secure credentials to be required for login access to the elasticsearch api?

I think the best way to do this would be a nginx layer with a CA certificate; since that should allow the API to work under programmatic calls without the user having to click / authenticate stuff, as long as they had the secure CA certificate installed on their machine.

[sckott]

yeah, seems best to secure these services

[sckott]

see also #43