Authentication through Nginx on Kibana 7.9


I'm trying to automatically authenticate in Kibana 7.9 using nginx, but it's not working.
I'm using the native default users defined in Elasticsearch.

This is my nginx configuration running in Docker; Kibana is also deployed on Docker, on the same network:

server {
    listen 80;
    client_max_body_size 4G;
    keepalive_timeout 10;
    server_tokens off;

    # this is the internal Docker DNS

    proxy_ignore_client_abort on;

    set $proxy_pass_url http://elk_kibana:5601;

    # default access to kibana, just serve on standard port
    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header Host $http_host;
        proxy_redirect off;
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        proxy_pass_request_headers on;
        proxy_pass_header Authorization;
        proxy_pass $proxy_pass_url;
        proxy_redirect $proxy_pass_url /;
    }

    # special case if I want to autologin to kibana from other apps
    location /kibana {
        rewrite ^/kibana(.*) /$1? break;

        # Authorization value is built from the ?auth= query parameter
        set $aut "Basic $arg_auth";

        add_header 'Access-Control-Allow-Origin' '*';
        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
        add_header 'Access-Control-Allow-Headers' 'Authorization, Origin, Host, X-Requested-With, Content-Type, Accept';

        proxy_set_header Host $proxy_pass_url;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_http_version 1.1;
        proxy_set_header Connection "Keep-Alive";
        proxy_set_header Proxy-Connection "Keep-Alive";
        proxy_set_header Authorization $aut;
        proxy_pass $proxy_pass_url;
        proxy_redirect $proxy_pass_url/ /;
    }

    # Reverse proxy of assets and front end app
    location ~ (/app|/translations|/node_modules|/built_assets/|/bundles|/es_admin|/plugins|/api|/ui|/elasticsearch|/internal|/spaces/enter) {

        # I cannot do this in production!!!!
        set $aut "Basic myauthtokenbased64_";

        proxy_pass          $proxy_pass_url;
        proxy_set_header    Host $host;
        proxy_set_header    X-Real-IP $remote_addr;
        proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header    X-Forwarded-Proto $scheme;
        proxy_set_header    X-Forwarded-Host $http_host;
        proxy_set_header    Authorization $aut;
        proxy_hide_header   Authorization;
    }
}

With this configuration, setting the auth header to a fixed value, it works, but this is not acceptable.
In the first definition, /kibana, I'm able to pass the auth header value as a parameter, but I cannot do it for the reverse proxy of assets and front end app, since I'm not able to add any dynamic information.

If I remove the authorization setting, then I get a "too many redirects" error.
If I remove the reverse proxy for the front end app, then I'm not able to log in.

Can anyone help me understand?

Thank you
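
One way to carry the credential past the first request, as an added example that is not part of the original post: the `/kibana?auth=` entry point stores the token in a cookie once, and a `map` rebuilds the `Authorization` header from that cookie for every later request, assets included. The cookie name `kbn_proxy_auth`, the `resolver` address and the redirect target `/` are assumptions; the token is expected as plain base64 in the query string, as in the configuration above.

```nginx
# Added example. The map block belongs in the http{} context
# (files under conf.d/ are normally included there).
# kbn_proxy_auth is a hypothetical cookie name.
map $cookie_kbn_proxy_auth $kbn_authorization {
    # No cookie, or a value that is not base64: send no header at all,
    # so Kibana shows its own login page instead of looping.
    default                 "";
    "~^[A-Za-z0-9+/=]+$"    "Basic $cookie_kbn_proxy_auth";
}

server {
    listen 80;
    server_tokens off;

    # Docker's embedded DNS (assumed address); needed because
    # proxy_pass below uses a variable.
    resolver 127.0.0.11 valid=10s;
    set $proxy_pass_url http://elk_kibana:5601;

    # Entry point used by other apps: /kibana?auth=<base64 user:password>
    location = /kibana {
        # Keep the credential out of the access log.
        access_log off;

        if ($arg_auth = "") {
            return 400;
        }

        # Store the token once and redirect to a URL without it, so it
        # does not stay in the address bar or leak through Referer.
        # Add "; Secure" when the site is served over TLS.
        add_header Set-Cookie "kbn_proxy_auth=$arg_auth; Path=/; HttpOnly; SameSite=Lax" always;
        return 302 /;
    }

    # Everything else, including /app, /bundles, /api and /internal.
    location / {
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        # An empty value means nginx does not send the header upstream.
        proxy_set_header Authorization $kbn_authorization;
        proxy_pass $proxy_pass_url;
    }
}
```

Because one `location /` now carries the header for every path, the separate regex location for assets and the hard-coded token are no longer needed.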
