Beats issue with keystore and Nginx basic auth

bigor44 · April 1, 2019, 11:51am

Hi,

I have an issue since cluster and beats has bee updated to 6.7
i have a Nginx front-end that handle basic-auth to access ES.

Steps done:
Old keystore seems to not be recognized since update. ( filebeat keystore list reply nothing )
When password is in filebeat.yml (in clear), there is no issue.
When recreating keystore, Nginx replay with an Error 401.
Same error on filebeat and metricbeat

filebeat config:

filebeat.config:
  inputs:
    enabled: true
    path: /etc/filebeat/inputs.d/*.yml
    reload.enabled: true
    reload.period: 30s
  modules:
    enabled: true
    path: /etc/filebeat/modules.d/*.yml
    reload.enabled: true
    reload.period: 30s

processors:
- add_locale:
    format: abbreviation
- add_cloud_metadata: ~
- add_host_metadata: ~

output.elasticsearch:
  hosts: ["https://ip:port"]
  ssl.certificate_authorities: ["/etc/pki/root/ca.pem"]
  username: "beats"
  password: "$(ES_PWD)"

setup.template.settings:
  index.number_of_shards: 1
  index.number_of_replicas: 0

setup.kibana:
  host: "ip:port"
  protocol: "https"
  ssl.enabled: true
  ssl.certificate_authorities: ["/etc/pki/root/ca.pem"]
  username: kibana
  password: "${KI_PWD}"

pierhugues · April 1, 2019, 12:22pm

This is indead a bug in 6.7.0 a fix will be included in 6.7.1, but in the meantime you can use the following workaround. https://github.com/elastic/beats/issues/11493#issuecomment-477394760

bigor44 · April 1, 2019, 12:39pm

Thanks for your quick answer, i tried this already and i keep issuing the same error
i just did a new try
filebeat test output:

elasticsearch: https://ip:port...
  parse url... OK
  connection...
    parse host... OK
    dns lookup... OK
    addresses: ip
    dial up... OK
  TLS...
    security: server's certificate chain verification is enabled
    handshake... OK
    TLS version: TLSv1.2
    dial up... OK
  talk to server... ERROR 401 Unauthorized: <html>
<head><title>401 Authorization Required</title></head>
<body bgcolor="white">
<center><h1>401 Authorization Required</h1></center>
<hr><center>nginx/1.12.2</center>
</body>
</html>

system · April 29, 2019, 2:39pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Filebeat 401 Unauth Beats	2	960	July 4, 2018
Filebeat keystore for basic security Beats filebeat	3	2649	January 6, 2022
Filebeat PKI certificate authentication not working to es Elasticsearch elastic-stack-security	2	417	August 8, 2022
FIlebeat SSL Issue Beats	7	1601	July 31, 2019
Secure Communications from Beats to Elasticsearch Elasticsearch elastic-stack-security	4	564	December 14, 2020

Beats issue with keystore and Nginx basic auth

Related topics