0

I have Elasticsearch 6.4.3 and Kibana 6.4.3 installed on Debian 8 Jessie.

I've looked into X-Pack and Shield, which both seem to be mostly concerned with security within Elasticsearch, and how to control security BETWEEN Elasticsearch and Kibana.

I don't really need security on the backend between Kibana and ES. However we would like the Kibana web page to be world accessible with a login page.

Is it possible to implement ONLY a login page for the Kibana site?

BurningKrome
  • 525
  • 2
  • 8
  • 21

1 Answers1

1

I don't know how to do what you want with X-Pack or Shield, but you could use simple nginx configuration above kibana. Example of nginx site config:

server {
listen 80;
    server_name kibana.youdomain.com;
    auth_basic "Restricted Access";
    auth_basic_user_file /etc/nginx/htpasswd.users;

    location / {
        proxy_pass http://localhost:5601;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }

}

In this example kibana works on 5601 port. Also you should add user and password:

sudo sh -c "echo -n 'user:' >> /etc/nginx/htpasswd.users"
sudo sh -c "openssl passwd -apr1 >> /etc/nginx/htpasswd.users"
warder
  • 138
  • 1
  • 11
  • I think it is possible to configure apache same way as nginx. You should give it a try. – warder Nov 16 '18 at 10:01
  • Thanks for that suggestion. The server is currently using Apache (for other sites). I'm assuming this same idea should work for Apache2? – BurningKrome Nov 16 '18 at 10:07