Configure proxy for Elasticsearch

Hello!

We have an Elasticsearch setup running in an on-prem data center as a Kubernetes application. I would like to configure a SAML realm for SSO login to the cluster and Kibana, but in order to get authenticated to the Identity Provider (Azure AD in our case), we have to go through a proxy IP address that allows access to public URLs on the internet.

How can this proxy setup be added to the Elasticsearch configuration? The current configuration is the following, and we are using ES version 7.6.

elasticsearch.yml: |
    cluster.name: dev-observability
    network.host: "0.0.0.0"
    bootstrap.memory_lock: false
    discovery.zen.ping.unicast.hosts: es-cluster-discovery.dev-elastic-system.svc.cluster.local
    discovery.zen.minimum_master_nodes: 2
    cluster.initial_master_nodes: es-cluster-0, es-cluster-1, es-cluster-2
    xpack.security.enabled: true
    xpack.security.transport.ssl.enabled: true
    xpack.security.transport.ssl.verification_mode: certificate
    xpack.security.transport.ssl.keystore.path: /usr/share/elasticsearch/config/elastic-certificates.p12
    xpack.security.transport.ssl.truststore.path: /usr/share/elasticsearch/config/elastic-certificates.p12
    xpack.monitoring.enabled: true
    xpack.ml.enabled: false
    xpack.watcher.enabled: false
    xpack.license.self_generated.type: trial

    xpack.security.authc.token.enabled: true
    xpack.security.http.ssl.enabled: true
    xpack.security.http.ssl.keystore.path: /usr/share/elasticsearch/config/http.p12
    xpack.security.http.ssl.truststore.path: /usr/share/elasticsearch/config/http.p12
    xpack.security.authc.realms.saml.saml1:
      order: 1
      idp.metadata.path: /usr/share/elasticsearch/config/idp-metadata.xml
      idp.entity_id: https://sts.windows.net/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/
      sp.entity_id: SP-kibana-dev
      sp.acs: https://kibana-dev.xxxxxxxxxxx.net/api/security/v1/saml
      sp.logout: https://kibana-dev.xxxxxxxxxxx.net/logout
      attributes.principal: urn:oid:0.9.2342.19200300.100.1.1
      attributes.groups: urn:oid:1.3.6.1.4.1.5923.1.5.1.
    # xpack.security.authc.realms.basic.basic1:
    #   order: 0

    node:
      master: true
      data: true
      ingest: true

Thank you for your answers!
