Accessing kibana over HTTPS

lw24 · April 12, 2020, 2:18pm

I have tried to follow the steps outlined under "Detections configuration and index privilege prerequisites"

I have modified elasticsearch.yml to be:

network.host: 0.0.0.0
http.port: 9200
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: "/etc/elasticsearch/elastic-certificates.p12"
xpack.security.transport.ssl.truststore.path: "/etc/elasticsearch/elastic-certificates.p12"

xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: "/etc/elasticsearch/http.p12"

And have edited kibana.yml to be:

elasticsearch.hosts: ["https://localhost:9200"]
elasticsearch.username: "kibana"
elasticsearch.password: "password"
elasticsearch.ssl.certificateAuthorities: [ "/etc/kibana/elasticsearch-ca.pem" ]
xpack.encryptedSavedObjects.encryptionKey: 'fhjskloppd678ehkdfdlproglsaeface'

When I now try and connect to https://IP:5601 I get "This site can't be reached".
When I connect over https://IP:9200 I get put my user and password in and get a JSON prinout.

Seems as if Kibana to Elasticsearch is encrypted but Kibana to browser is not working over https properly?

rugenl · April 12, 2020, 4:51pm

You would also need to configure and start Kibana, particularly this section and the server.ssl.enabled option set to True.

Check for KIbana errors and "netstat -an | grep 5601" to see if Kibana is listening on the port.

lw24 · April 13, 2020, 4:07pm

I have added:

server.ssl.enabled: true
server.ssl.certificate: "kibana-server.p12"
server.ssl.key: "kibana-server.p12"

to kibana.yml. The cert was generated using the elasticsearch CA I previously generated.

I have tried to check if kibana is listening on 5601, but it seems kibana isn't starting.

I get the following error:

● kibana.service - Kibana
Loaded: loaded (/etc/systemd/system/kibana.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Mon 2020-04-13 08:55:39 PDT; 3min 43s ago
Process: 89150 ExecStart=/usr/share/kibana/bin/kibana -c /etc/kibana/kibana.yml (code=exited, status=1/FAILURE)
Main PID: 89150 (code=exited, status=1/FAILURE)
Apr 13 08:55:39 ubuntu systemd[1]: kibana.service: Service hold-off time over, scheduling r
Apr 13 08:55:39 ubuntu systemd[1]: kibana.service: Scheduled restart job, restart counter i
Apr 13 08:55:39 ubuntu systemd[1]: Stopped Kibana.
Apr 13 08:55:39 ubuntu systemd[1]: kibana.service: Start request repeated too quickly.
Apr 13 08:55:39 ubuntu systemd[1]: kibana.service: Failed with result 'exit-code'.
Apr 13 08:55:39 ubuntu systemd[1]: Failed to start Kibana.

I've tried looking in /var/log/kibana but that directory doesn't exist so don't know how best to troubleshoot from here.

Any help would be appreciated!

rugenl · April 13, 2020, 4:09pm

Kibana sometimes logs to /var/log/messages or you can start it from the command line to test.

lw24 · April 13, 2020, 4:27pm

I managed to find relevant logs with:

sudo tail -n 100 /var/log/syslog

There were a bunch of issues I remedied:

In kibana.yml I had a line "elasticsearch.url: [..." which was erroring, it needs to be elasticsearch.hosts.

I had to provide it the full path to the ssl certificate and key, and give it permissions to these, though after doing so it now starts, but errors with:

FATAL Error 0906D06C:PEM routines:PEM_read_bio:no start line

Apparently kibana can't read .p12 certs, so will need to generate ones in .pem format. Will report back on this.

system · May 11, 2020, 4:27pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.