Basic authentication for each Kibana dashboards

Elastic Stack Elasticsearch
1

I am looking to require passwords to access specific dashboards in kibana.
I am using apache and currently have basic authentication working for the
site as a whole but want to lock it down even more so only some users have
access to specific dashboards.

Kabana v3

Below is my httpd conf file.

[root@SERVER conf.d]# cat kibana3.conf
<VirtualHost *:80>
ServerName MY SERVER NAME

DocumentRoot /var/www/kibana3
<Directory /var/www/kibana3>
Allow from all
Options -Multiviews

LogLevel debug
ErrorLog /var/log/httpd/error_log
CustomLog /var/log/httpd/access_log combined

Set global proxy timeouts

<Proxy http://127.0.0.1:9200>
ProxySet connectiontimeout=5 timeout=90

Proxy for _aliases and .*/_search

<LocationMatch
"^/(_nodes|_aliases|./_aliases|_search|./_search|_mapping|.*/_mapping)$">

ProxyPassMatch http://127.0.0.1:9200/$1

ProxyPassReverse http://127.0.0.1:9200/$1

Proxy for kibana-int/{dashboard,temp} stuff (if you don't want auth on

/, then you will want these to be protected)
<LocationMatch "^/(kibana-int/dashboard/|kibana-int/temp)(.*)$">

ProxyPassMatch http://127.0.0.1:9200/$1$2

ProxyPassReverse http://127.0.0.1:9200/$1$2

Order deny,allow Allow from all AuthType Basic AuthBasicProvider file AuthName "Restricted" AuthUserFile /etc/httpd/conf.d/kibana-htpasswd AuthGroupFile /etc/httpd/conf.d/kibana-groups Require valid-user

<Location /#/dashboard/elasticsearch/techsupport>

Order deny,allow

Allow from all

AuthType Basic

AuthBasicProvider file

AuthName "Restricted"

AuthUserFile /etc/httpd/conf.d/kibana-htpasswd

AuthGroupFile /etc/httpd/conf.d/kibana-groups

Require valid-user

============

I also have a groups file and password file where it pulls the encrypted
passwords and users from.

GroupName: admin tom fred joe

joe:q.FjeZsgaHH.xMdf
tom:NadbOcfsqQY6nsfd
admin:j.ah3fsfdm0v7UVI

According to elasticsearch it should save the dashboards as a .json file
but it is not saving them here (hence I can not seem to lock them down with
apache through a file)
[root@SERVERdashboards]# ls
blank.json default.json guided.json logstash.js logstash.json
noted.json testdash.json

At this point I am just spinning wheels and not getting anywhere. Any help
is appreciated.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/6fecacd2-5e6a-4d82-b5fe-7d591c6cd875%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

2

AFAIK, Kibana by default saves it's dashboards in an ES index called
kibana-int, as referenced in your httpd.conf file here: <LocationMatch
"^/(kibana-int/dashboard/|kibana-int/temp)(.*)$">

You could restrict commands on that index based on authentication, like x
user can do GET POST, whereas y user can do DELETE GET POST PULL, etc.

On Tuesday, January 20, 2015 at 12:31:22 PM UTC-5, Taylor Wood wrote:

I am looking to require passwords to access specific dashboards in kibana.
I am using apache and currently have basic authentication working for the
site as a whole but want to lock it down even more so only some users have
access to specific dashboards.

Kabana v3

Below is my httpd conf file.

[root@SERVER conf.d]# cat kibana3.conf
<VirtualHost *:80>
ServerName MY SERVER NAME

DocumentRoot /var/www/kibana3
<Directory /var/www/kibana3>
Allow from all
Options -Multiviews

LogLevel debug
ErrorLog /var/log/httpd/error_log
CustomLog /var/log/httpd/access_log combined

Set global proxy timeouts

<Proxy http://127.0.0.1:9200>
ProxySet connectiontimeout=5 timeout=90

Proxy for _aliases and .*/_search

<LocationMatch
"^/(_nodes|_aliases|./_aliases|_search|./_search|_mapping|.*/_mapping)$">

ProxyPassMatch http://127.0.0.1:9200/$1

ProxyPassReverse http://127.0.0.1:9200/$1

Proxy for kibana-int/{dashboard,temp} stuff (if you don't want auth on

/, then you will want these to be protected)
<LocationMatch "^/(kibana-int/dashboard/|kibana-int/temp)(.*)$">

ProxyPassMatch http://127.0.0.1:9200/$1$2

ProxyPassReverse http://127.0.0.1:9200/$1$2

Order deny,allow Allow from all AuthType Basic AuthBasicProvider file AuthName "Restricted" AuthUserFile /etc/httpd/conf.d/kibana-htpasswd AuthGroupFile /etc/httpd/conf.d/kibana-groups Require valid-user

<Location /#/dashboard/elasticsearch/techsupport>

Order deny,allow

Allow from all

AuthType Basic

AuthBasicProvider file

AuthName "Restricted"

AuthUserFile /etc/httpd/conf.d/kibana-htpasswd

AuthGroupFile /etc/httpd/conf.d/kibana-groups

Require valid-user

============

I also have a groups file and password file where it pulls the encrypted
passwords and users from.

GroupName: admin tom fred joe

joe:q.FjeZsgaHH.xMdf
tom:NadbOcfsqQY6nsfd
admin:j.ah3fsfdm0v7UVI

According to elasticsearch it should save the dashboards as a .json file
but it is not saving them here (hence I can not seem to lock them down with
apache through a file)
[root@SERVERdashboards]# ls
blank.json default.json guided.json logstash.js logstash.json
noted.json testdash.json

At this point I am just spinning wheels and not getting anywhere. Any
help is appreciated.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/b78138c2-3fe0-473f-9e69-35a552ab6488%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.