Apache proxy setup for cloud hosted kibana 5.6.0


(Suny Kim) #1

We have elasticsearch / kibana on the elastic cloud, and I want to show it on our website without the user having to enter a username / password. In setting up apache, this article was a great help: Kibana 5 behind reverse proxy
However, there are some minor tweaks, and Kibana 5.6 needs more proxypass directives. These can all be extracted from the web console, but this post may save you some of the hassle.

  • enabled modules in apache on Ubuntu 16.04, Apache/2.4.18 - not sure if these are all, or all are needed: a2enmod proxy_http, a2enmod headers, a2enmod mod_ssl
  • Note that my site is http, while hosted elasticsearch is https. I have no idea what I'm doing here, but it works.
  • my_username_pw_hash for http basic auth: generate e.g. with python, from base64 import b64encode; b64encode("username:password")
  • logout: Create some logout.html

This is the site.conf that presently works for me - replace everything prefixed with "my_":

<VirtualHost *:80>
    ServerName my_webserver.de
    ServerAlias www.my_webserver.de
    ServerAdmin my_webmaster@localhost

    DocumentRoot /var/www/html/my_docroot
 
  #
  # Proxy
  #
  ProxyRequests Off
  ProxyPass /elasticsearch/ https://my_elasticsearch_server-west-1.aws.found.io:9243/
  ProxyPassReverse /elasticsearch/ https://my_elasticsearch_server-west-1.aws.found.io:9243/
  ProxyPass /app/kibana https://my_kibana_server.eu-west-1.aws.found.io:9243/app/kibana
  ProxyPassReverse /app/kibana https://my_kibana_server.eu-west-1.aws.found.io:9243/app/kibana
  ProxyPass /status https://my_kibana_server.eu-west-1.aws.found.io:9243/status
  ProxyPassReverse /status https://my_kibana_server.eu-west-1.aws.found.io:9243/status
  ProxyPass /api/status https://my_kibana_server.eu-west-1.aws.found.io:9243/api/status
  ProxyPassReverse /api/status https://my_kibana_server.eu-west-1.aws.found.io:9243/api/status
  ProxyPass /api/xpack https://my_kibana_server.eu-west-1.aws.found.io:9243/api/xpack
  ProxyPassReverse /api/xpack https://my_kibana_server.eu-west-1.aws.found.io:9243/api/xpack
  ProxyPass /api/saved_objects https://my_kibana_server.eu-west-1.aws.found.io:9243/api/saved_objects
  ProxyPassReverse /api/saved_objects https://my_kibana_server.eu-west-1.aws.found.io:9243/api/saved_objects
  ProxyPass /ui/fonts/open_sans/ https://my_kibana_server.eu-west-1.aws.found.io:9243/ui/fonts/open_sans/
  ProxyPassReverse /ui/fonts/open_sans/ https://my_kibana_server.eu-west-1.aws.found.io:9243/ui/fonts/open_sans/
  ProxyPass /bundles https://my_kibana_server.eu-west-1.aws.found.io:9243/bundles
  ProxyPassReverse /bundles https://my_kibana_server.eu-west-1.aws.found.io:9243/bundles
  ProxyPass /es_admin/ https://my_kibana_server.eu-west-1.aws.found.io:9243/es_admin/
  ProxyPassReverse /es_admin/ https://my_kibana_server.eu-west-1.aws.found.io:9243/es_admin/
  ProxyPass /api/console https://my_kibana_server.eu-west-1.aws.found.io:9243/api/console
  ProxyPassReverse /api/console https://my_kibana_server.eu-west-1.aws.found.io:9243/api/console
  ProxyPass /plugins/kibana/ https://my_kibana_server.eu-west-1.aws.found.io:9243/plugins/kibana/
  ProxyPassReverse /plugins/kibana/ https://my_kibana_server.eu-west-1.aws.found.io:9243/plugins/kibana/
  ProxyPass /plugins/graph/ https://my_kibana_server.eu-west-1.aws.found.io:9243/plugins/graph/
  ProxyPassReverse /plugins/graph/ https://my_kibana_server.eu-west-1.aws.found.io:9243/plugins/graph/
  ProxyPass /plugins/timelion/ https://my_kibana_server.eu-west-1.aws.found.io:9243/plugins/timelion/
  ProxyPassReverse /plugins/timelion/ https://my_kibana_server.eu-west-1.aws.found.io:9243/plugins/timelion/
  ProxyPass /plugins/monitoring/ https://my_kibana_server.eu-west-1.aws.found.io:9243/plugins/monitoring/
  ProxyPassReverse /plugins/monitoring/ https://my_kibana_server.eu-west-1.aws.found.io:9243/plugins/monitoring/
  ProxyPass /plugins/security/ https://my_kibana_server.eu-west-1.aws.found.io:9243/plugins/security/
  ProxyPassReverse /plugins/security/ https://my_kibana_server.eu-west-1.aws.found.io:9243/plugins/security/
  ProxyPass /api/monitoring https://my_kibana_server.eu-west-1.aws.found.io:9243/api/monitoring
  ProxyPassReverse /api/monitoring https://my_kibana_server.eu-west-1.aws.found.io:9243/api/monitoring
  ProxyPass /api/reporting https://my_kibana_server.eu-west-1.aws.found.io:9243/api/reporting
  ProxyPassReverse /api/reporting https://my_kibana_server.eu-west-1.aws.found.io:9243/api/reporting
  ProxyPass /api/security https://my_kibana_server.eu-west-1.aws.found.io:9243/api/security
  ProxyPassReverse /api/security https://my_kibana_server.eu-west-1.aws.found.io:9243/api/security
  ProxyPass /app/graph https://my_kibana_server.eu-west-1.aws.found.io:9243/app/graph
  ProxyPassReverse /app/monitoring https://my_kibana_server.eu-west-1.aws.found.io:9243/app/monitoring
  ProxyPass /app/monitoring https://my_kibana_server.eu-west-1.aws.found.io:9243/app/monitoring
  ProxyPassReverse /app/graph https://my_kibana_server.eu-west-1.aws.found.io:9243/app/graph
  #
  # SSL
  #
  SSLProxyEngine On
  SSLProxyCheckPeerCN on
  SSLProxyCheckPeerExpire on
  #
  # Kibana authentication
  #
  RequestHeader set Authorization "Basic my_username_pw_hash"

  ErrorLog ${APACHE_LOG_DIR}/my_site-error.log
  CustomLog ${APACHE_LOG_DIR}/my_site-access.log combined
</VirtualHost>

(Stacey Gammon) #2

Thanks for sharing how you got it to work @Suny!


(system) #3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.