We have elasticsearch / kibana on the elastic cloud, and I want to show it on our website without the user having to enter a username / password. In setting up apache, this article was a great help: Kibana 5 behind reverse proxy
However, there are some minor tweaks, and Kibana 5.6 needs more proxypass directives. These can all be extracted from the web console, but this post may save you some of the hassle.
- enabled modules in apache on Ubuntu 16.04, Apache/2.4.18 - not sure if these are all, or all are needed: a2enmod proxy_http, a2enmod headers, a2enmod mod_ssl
- Note that my site is http, while hosted elasticsearch is https. I have no idea what I'm doing here, but it works.
- my_username_pw_hash for http basic auth: generate e.g. with python, from base64 import b64encode; b64encode("username:password")
- logout: Create some logout.html
This is the site.conf that presently works for me - replace everything prefixed with "my_":
<VirtualHost *:80>
ServerName my_webserver.de
ServerAlias www.my_webserver.de
ServerAdmin my_webmaster@localhost
DocumentRoot /var/www/html/my_docroot
#
# Proxy
#
ProxyRequests Off
ProxyPass /elasticsearch/ https://my_elasticsearch_server-west-1.aws.found.io:9243/
ProxyPassReverse /elasticsearch/ https://my_elasticsearch_server-west-1.aws.found.io:9243/
ProxyPass /app/kibana https://my_kibana_server.eu-west-1.aws.found.io:9243/app/kibana
ProxyPassReverse /app/kibana https://my_kibana_server.eu-west-1.aws.found.io:9243/app/kibana
ProxyPass /status https://my_kibana_server.eu-west-1.aws.found.io:9243/status
ProxyPassReverse /status https://my_kibana_server.eu-west-1.aws.found.io:9243/status
ProxyPass /api/status https://my_kibana_server.eu-west-1.aws.found.io:9243/api/status
ProxyPassReverse /api/status https://my_kibana_server.eu-west-1.aws.found.io:9243/api/status
ProxyPass /api/xpack https://my_kibana_server.eu-west-1.aws.found.io:9243/api/xpack
ProxyPassReverse /api/xpack https://my_kibana_server.eu-west-1.aws.found.io:9243/api/xpack
ProxyPass /api/saved_objects https://my_kibana_server.eu-west-1.aws.found.io:9243/api/saved_objects
ProxyPassReverse /api/saved_objects https://my_kibana_server.eu-west-1.aws.found.io:9243/api/saved_objects
ProxyPass /ui/fonts/open_sans/ https://my_kibana_server.eu-west-1.aws.found.io:9243/ui/fonts/open_sans/
ProxyPassReverse /ui/fonts/open_sans/ https://my_kibana_server.eu-west-1.aws.found.io:9243/ui/fonts/open_sans/
ProxyPass /bundles https://my_kibana_server.eu-west-1.aws.found.io:9243/bundles
ProxyPassReverse /bundles https://my_kibana_server.eu-west-1.aws.found.io:9243/bundles
ProxyPass /es_admin/ https://my_kibana_server.eu-west-1.aws.found.io:9243/es_admin/
ProxyPassReverse /es_admin/ https://my_kibana_server.eu-west-1.aws.found.io:9243/es_admin/
ProxyPass /api/console https://my_kibana_server.eu-west-1.aws.found.io:9243/api/console
ProxyPassReverse /api/console https://my_kibana_server.eu-west-1.aws.found.io:9243/api/console
ProxyPass /plugins/kibana/ https://my_kibana_server.eu-west-1.aws.found.io:9243/plugins/kibana/
ProxyPassReverse /plugins/kibana/ https://my_kibana_server.eu-west-1.aws.found.io:9243/plugins/kibana/
ProxyPass /plugins/graph/ https://my_kibana_server.eu-west-1.aws.found.io:9243/plugins/graph/
ProxyPassReverse /plugins/graph/ https://my_kibana_server.eu-west-1.aws.found.io:9243/plugins/graph/
ProxyPass /plugins/timelion/ https://my_kibana_server.eu-west-1.aws.found.io:9243/plugins/timelion/
ProxyPassReverse /plugins/timelion/ https://my_kibana_server.eu-west-1.aws.found.io:9243/plugins/timelion/
ProxyPass /plugins/monitoring/ https://my_kibana_server.eu-west-1.aws.found.io:9243/plugins/monitoring/
ProxyPassReverse /plugins/monitoring/ https://my_kibana_server.eu-west-1.aws.found.io:9243/plugins/monitoring/
ProxyPass /plugins/security/ https://my_kibana_server.eu-west-1.aws.found.io:9243/plugins/security/
ProxyPassReverse /plugins/security/ https://my_kibana_server.eu-west-1.aws.found.io:9243/plugins/security/
ProxyPass /api/monitoring https://my_kibana_server.eu-west-1.aws.found.io:9243/api/monitoring
ProxyPassReverse /api/monitoring https://my_kibana_server.eu-west-1.aws.found.io:9243/api/monitoring
ProxyPass /api/reporting https://my_kibana_server.eu-west-1.aws.found.io:9243/api/reporting
ProxyPassReverse /api/reporting https://my_kibana_server.eu-west-1.aws.found.io:9243/api/reporting
ProxyPass /api/security https://my_kibana_server.eu-west-1.aws.found.io:9243/api/security
ProxyPassReverse /api/security https://my_kibana_server.eu-west-1.aws.found.io:9243/api/security
ProxyPass /app/graph https://my_kibana_server.eu-west-1.aws.found.io:9243/app/graph
ProxyPassReverse /app/monitoring https://my_kibana_server.eu-west-1.aws.found.io:9243/app/monitoring
ProxyPass /app/monitoring https://my_kibana_server.eu-west-1.aws.found.io:9243/app/monitoring
ProxyPassReverse /app/graph https://my_kibana_server.eu-west-1.aws.found.io:9243/app/graph
#
# SSL
#
SSLProxyEngine On
SSLProxyCheckPeerCN on
SSLProxyCheckPeerExpire on
#
# Kibana authentication
#
RequestHeader set Authorization "Basic my_username_pw_hash"
ErrorLog ${APACHE_LOG_DIR}/my_site-error.log
CustomLog ${APACHE_LOG_DIR}/my_site-access.log combined
</VirtualHost>