My setup

Nginx + Kibana - same box different domain, sub-domain (nginx - example.com, kibana - kibana.example.com)

Elasticsearch - 192.168.100.31

I have used the config defined below, with 127.0.0.1 replaced by the Elasticsearch IP 192.168.100.31.

https://github.com/elasticsearch/kibana/blob/master/sample/nginx.conf

This setup works within the local network, but fails when connecting externally, with this error message in the browser: "Error Could not contact Elasticsearch at http://192.168.100.31:9200. Please ensure that Elasticsearch is reachable from your system."

Kibana config.js points to ip and port 9200 -

  elasticsearch: "http://192.168.100.31:9200",

Note: Changing this port to match port defined in nginx config 8433 makes it stop functioning.

nginx config

server {
    listen          8443 ssl;
    server_name     kibana.example.com;

    access_log  /var/logs/nginx/kibana.access.log main;
    error_log   /var/logs/nginx/kibana.error.log;

    auth_basic "Authorized users";
    auth_basic_user_file /file/location/kibana.htpasswd;

    location / {
        root  /usr/local/kibana-3.1.0;
        index  index.html  index.htm;            
    }       

    location ~ ^/_aliases$ {
        proxy_pass http://192.168.100.31:9200;
        proxy_read_timeout 90;
    }
    location ~ ^/.*/_aliases$ {
        proxy_pass http://192.168.100.31:9200;
        proxy_read_timeout 90;
    }
    location ~ ^/_nodes$ {
        proxy_pass http://192.168.100.31:9200;
        proxy_read_timeout 90;
    }
    location ~ ^/.*/_search$ {
        proxy_pass http://192.168.100.31:9200;
        proxy_read_timeout 90;
    }
    location ~ ^/.*/_mapping {
        proxy_pass http://192.168.100.31:9200;
        proxy_read_timeout 90;
    }

    # Password protected end points
    location ~ ^/kibana-int/dashboard/.*$ {
        proxy_pass http://192.168.100.31:9200;
        proxy_read_timeout 90;
        limit_except GET {
          proxy_pass http://192.168.100.31:9200;
          # auth_basic "Restricted";
          # auth_basic_user_file /file/location/kibana.htpasswd;
        }
    }
    location ~ ^/kibana-int/temp.*$ {
        proxy_pass http://192.168.100.31:9200;
        proxy_read_timeout 90;
        limit_except GET {
            proxy_pass http://192.168.100.31:9200;
            # auth_basic "Restricted";
            # auth_basic_user_file /file/location/kibana.htpasswd;
        }
    }
}

It feels like there has to be some proxy setting between nginx and Elasticsearch to prevent the local IP from being displayed in the browser. Can someone show how to get this configured?

java_dude
  • Sounds like the system elasticsearch is running on needs to have the firewall settings changed. – Gene Oct 05 '14 at 01:58
  • Can you elaborate more? I believe `elasticsearch` should not be accessible from outside. External users should not see the internal IP mapping. `nginx` should handle this. Internally, when I hit the same endpoint I get all the data, because the browser can hit the local endpoint within the network. Some example or reference would help. – java_dude Oct 05 '14 at 02:57
  • Have you updated config.js as in the comment at the top of the example code? That tells the browser to talk to the nginx proxy rather than trying to reach elasticsearch directly. – Paul Haldane Oct 05 '14 at 08:19
  • I have updated the above with more details regarding the `nginx` config and `kibana` `config.js` settings. Changing the port in `config.js` disables the connection between `kibana` and `elasticsearch`. – java_dude Oct 05 '14 at 16:47
  • Found solution, had to set PROXY in `nginx` and of course set FQDN matching in `Kibana's` `config.js` – java_dude Oct 06 '14 at 07:06

1 Answer

Found solution, had to set PROXY in nginx and of course set FQDN matching in Kibana's config.js.

java_dude
  • Can you elaborate? Your answer does not explain anything. – Roman Dec 04 '14 at 07:16
  • `elasticsearch: "https://localhost:9200/"` in Kibana's config.js needs to match the FQDN, e.g. if nginx is on home.local, the elasticsearch setting should be `elasticsearch: "https://home.local/"`, assuming the connection is over SSL. – Robert Feb 08 '15 at 16:55
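
Added example, not part of the original question, answer or comments, and not Kibana or nginx project code: Kibana 3 is served as static files and runs in the visitor's browser, so the `elasticsearch` URL in config.js is requested by the browser itself and must be the nginx origin rather than the backend address. The check below flags a config.js value that is an internal IP literal or that does not match the proxy's scheme, name and port; the corrected URL, the function names and the simple regex parsing (one server block, `listen <port> [ssl];`) are assumptions.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed inputs: values quoted in the question, plus an assumed corrected URL.
CONFIG_JS_BROKEN = 'elasticsearch: "http://192.168.100.31:9200",'
CONFIG_JS_FIXED = 'elasticsearch: "https://kibana.example.com:8443",'
NGINX_CONF = """
server {
    listen          8443 ssl;
    server_name     kibana.example.com;
}
"""

def proxy_origin(nginx_conf):
    """Return (scheme, host, port) of the first server block.
    Assumes 'listen <port> [ssl];' and a single server_name."""
    listen = re.search(r"listen\s+(\d+)(\s+ssl)?\s*;", nginx_conf)
    name = re.search(r"server_name\s+([^\s;]+)", nginx_conf)
    if not listen or not name:
        raise ValueError("no listen/server_name directive found")
    scheme = "https" if listen.group(2) else "http"
    return scheme, name.group(1), int(listen.group(1))

def check_kibana_endpoint(config_js, nginx_conf):
    """Return findings; an empty list means the browser is sent to the proxy."""
    m = re.search(r'elasticsearch\s*:\s*"([^"]+)"', config_js)
    if not m:
        return ["no elasticsearch URL found in config.js"]
    url = urlsplit(m.group(1))
    findings = []
    try:
        # An IP literal in a private or loopback range is unreachable for
        # external browsers and discloses internal addressing in the page.
        if ipaddress.ip_address(url.hostname).is_private:
            findings.append(f"{url.hostname} is an internal address")
    except ValueError:
        pass  # a DNS name (or no host), not an IP literal
    port = url.port or (443 if url.scheme == "https" else 80)
    if (url.scheme, url.hostname, port) != proxy_origin(nginx_conf):
        findings.append(f"{m.group(1)} does not match the nginx origin")
    return findings

if __name__ == "__main__":
    for label, cfg in (("broken", CONFIG_JS_BROKEN), ("fixed", CONFIG_JS_FIXED)):
        print(label, check_kibana_endpoint(cfg, NGINX_CONF))
```

With the proxy as the only browser-facing endpoint, port 9200 on the Elasticsearch host can stay closed to external networks.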