Can't log in other than from the local host

rcfa · December 23, 2023, 3:11pm

I'm a newby, so excuse if I ask a dummy question, but I got to start somewhere, and being able to log in is, well, prerequisite...

So on my server, let's call it 10.0.0.1 I have installed the Elasticsearch and kibana packages. I modified in /etc/kibana/kibana.yml the server.host: 0.0.0.0

So, on 10.0.0.1 I can connect to http://10.0.0.1:5601/ and get a login prompt, and I can log in successfully with the elastic superuser user ID and password. So far so good.

On another host on the LAN, lets call it 10.0.0.2, I can also connect to http://10.0.0.1:5601/ and I get the same login prompt. BUT when I try to login, the browser goes blank for second, then comes the loading animation, and then I'm right back to the login prompt.

In the /var/log/kibana/kibana.log there are no relevant errors, the login looks the same when made on both hosts, with only expected differences (pid, trace-id, transaction-id, timestamp, etc.)

So, obviously something either prevents successful login (without throwing an error logged in the log file), or triggers an instant automatic log out after the login.

Any clues as to where I should start looking, appreciated. As I said, I'm new, just trying to get my bearings, but being able to use the web interface in a responsive browser, rather than via a sluggish browser in an xrdp session (as the server has no keyboard/screen attached), would be an important first step...

stephenb · December 23, 2023, 6:33pm

Hi @rcfa Welcome to the community.

If you use Chrome you can open the View - Dev Tools and see what is happening. Perhaps you will see something under the network tab.

Sounds like perhaps FW clipping the session?

rcfa · January 4, 2024, 7:26pm

Thanks for your response!

Tried to fix things by proxying access to kibana along these lines:

https://discuss.elastic.co/t/4-3-0-how-to-configure-your-nginx-balancer-and-apache-reverse-proxy/37351/2

Still had the same issue. Then, for giggles, I tried to log in from my iPhone, and igt worked. So, it seems to be an issue with Firefox:

Cookie “sid” does not have a proper “SameSite” attribute value. 
Soon, cookies without the “SameSite” attribute or with an invalid value will be treated as “Lax”. 
This means that the cookie will no longer be sent in third-party contexts. 
If your application depends on this cookie being available in such contexts, please add the “SameSite=None“ attribute to it. 
To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite

There don't be sufficient settings to relax security for a particular site (at least that I could find). But given the text in the error message, it would seem that I should expect other browsers to eventually act the same, as security is ramped up.

This makes me wonder, if I have some settings wrong in /etc/kibana/kibana.yml

Currently:

server.host: "localhost"
server.basePath: "/kibana"
server.rewriteBasePath: false
server.publicBaseUrl: "https://myhost.domain.tld/kibana"
server.name: "myhost.domain.tld"

and in the corresponding apache.conf:

### Elastic - Kibana server app 
	<Location /kibana/>
		ProxyPass		http://127.0.0.1:5601/
		ProxyPassReverse	http://127.0.0.1:5601/
	</Location>

Anything that sticks out as wrong?

stephenb · January 4, 2024, 7:51pm

Hi @rcfa

Apologies, I am not a proxy expert, although I would get Kibana working correctly without the proxy first and then configure the proxy...

system · February 1, 2024, 7:51pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.