Access secured Elasticsearch from Kibana

Johann_Hochtl · October 27, 2020, 3:37pm

I configured elasticsearch to require ssl-communication, but not https via REST, see:

I can access elastic from curl using the pattern

curl -u kibana_system http://localhost:9200

I configured Kibana as following:

xpack.security.enabled: true
elasticsearch.username: "kibana_system"
elasticsearch.password: "123456"
xpack.security.encryptionKey: "ThequickbrownfoxjumpsoverthelazydogThequickbrownfoxjumpsoverthelazydog"
xpack.security.authc:
    providers:
        basic.basic1: 
            order: 0

however the log reads:

{"type":"log","@timestamp":"2020-10-27T14:57:00Z","tags":["error","elasticsearch","monitoring"],"pid":7,"message":"Request error, retrying\nGET http://localhost:9200/_xpack => connect ECONNREFUSED 127.0.0.1:9200"}
{"type":"log","@timestamp":"2020-10-27T14:57:00Z","tags":["error","elasticsearch","data"],"pid":7,"message":"Request error, retrying\nGET http://localhost:9200/_nodes?filter_path=nodes.*.version%2Cnodes.*.http.publish_address%2Cnodes.*.ip => connect ECONNREFUSED 127.0.0.1:9200"}

It seems as if the basic authentication request to elasticsearch is ignored. I already read

So with my Basic plan this should be supported:

If Kibana has elasticsearch.username and elasticsearch.password configured, it will attempt to use these to authenticate to Elasticsearch via the native realm

I understand that the native realm is available with elasticsearch without configuration.

Please note that when I had no security configured within elastic, I could easily connect with Kibana.

Please help!

Johann_Hochtl · October 28, 2020, 9:43am

I solved the issue. It's all in the documentation:

If replacing kibana.yml with a custom version, be sure to copy the defaults to the custom file if you want to retain them. If not, they will be "masked" by the new file.

So I had to add these new default values to my kibana.yml file and now I can access elasticsearch via kibana:

xpack.security.enabled: true
elasticsearch.hosts: [ "http://elastic:9200" ]
server.host: "0"
elasticsearch.username: "kibana_system"
elasticsearch.password: "123456"
xpack.security.encryptionKey: "ThequickbrownfoxjumpsoverthelazydogThequickbrownfoxjumpsoverthelazydog"
xpack.security.authc:
    providers:
        basic.basic1: 
            order: 0

I guess the crucial part was server.host: "0" as otherwise kibana is not accessible from anywhere but localhost = from within the docker container.