Add subdomain to kibana instance

tehho · April 10, 2019, 2:03pm

Hi.

We would like to add a diffrent subdomain to our kibana instances for human readable urls.
How do we do this?
Example: backup-test.example.com

When we have a CNAME from backup-test.example.com pointed to GUID.example.com and GUID.example.com pointed to the ece proxy loadbalancer ip this works. But not when we have backup-test.example.com pointed directly to the ip.

To handle easy setup we want to be able to create CNAME clustername.example.com pointed to eceproxy.example.com and handle the clustername in the kibana config in ece.

We have setup xpack.security.public using below settings:
xpack.security.public:
protocol: https
hostname: backup-test.example.com
port: 443

Are there some dns lookups in ece that translates the host to a cname if not found?

Best regards
Andreas Antonsson
Collectorbank

Alex_Piggott · April 10, 2019, 3:43pm

If you cannot prefix the cluster id at the start of the URL, then you need an nginx or similar in the middle that can inject the header X-Found-Cluster: <GUID>, otherwise the ECE proxy does not know where to send the traffic.

Alex

tehho · April 11, 2019, 6:23am

But then why does it work when we have a CNAME to the GUID hostname.
The CNAME does not get added to any headers by default.

This also breaks if you place another CNAME in between.
Ex: CNAME Backup-test -> CNAME Test -> GUID Does not work

Can we have a feature request to add a function to add a specific hostname to a cluster in ECE.
Sort of you are also hostname: INSERT_GOOD_NAME_HERE
There are some annotations that point to xpack.security.public being the solution but the above setup does not work with our nginx.
The nginx is configured to pass all 443 to 9200 on the eceproxys.

Alex_Piggott · April 11, 2019, 1:14pm

But then why does it work when we have a CNAME to the GUID hostname

@tehho There's a bunch of places (headers, Host: header, URL) where we search for a GUID

I haven't specifically looked to see where cname gets embedded in the HTTP request, but if it works then it must be one of the above

Can we have a feature request to add a function to add a specific hostname to a cluster in ECE.

We have such a feature on our roadmap - it's often requested! It's been blocked by a larger change to the proxy architecture. That's mostly done so it should get moving again soon.

There are some annotations that point to xpack.security.public

Not sure what this does, but there's a pretty standard nginx config to do what you state, something along the lines of:

upstream es_backend {
     server GUID.ip.es.io:9243;
}

server {
  listen                  127.0.0.1:9000;

  location / {
    proxy_pass              https://es_backend/;
    proxy_ssl_protocols     TLSv1.2;
    proxy_ssl_session_reuse on;
    proxy_ssl_verify        off;
    proxy_set_header X-Found-Cluster GUID;
    proxy_http_version 1.1;
    proxy_set_header Authorization "Basic AUTHENCODED==";
  }
}

system · April 25, 2019, 1:14pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.