Hi everyone,
I have been using the docker-compose file for a while now and it works quite well, but I needed to add some advanced authentication methods (anonymous + basic). So I tried switching to kibana.yml and to volume mount it. I am running 8.4.2.
However, when switching to the kibana.yml mount point, I get the following error during startup of the container:
[2022-10-03T09:30:22.551+00:00][INFO ][node] Kibana process configured with roles: [background_tasks, ui]
[2022-10-03T09:30:59.388+00:00][INFO ][http.server.Preboot] http server running at http://0.0.0.0:5601
[2022-10-03T09:30:59.649+00:00][INFO ][plugins-system.preboot] Setting up [1] plugins: [interactiveSetup]
[2022-10-03T09:30:59.657+00:00][INFO ][preboot] "interactiveSetup" plugin is holding setup: Validating Elasticsearch connection configuration…
[2022-10-03T09:30:59.787+00:00][INFO ][root] Holding setup until preboot stage is completed.
i Kibana has not been configured.
Go to http://0.0.0.0:5601/?code=682460 to get started.
Here are the contents of my kibana.yml file:
server.shutdownTimeout: "5s"
server.host: "kibana" #changing this to localhost or 127.0.0.1 or 0.0.0.0 always results in kibana starting on http://0.0.0.0:5601
server.publicBaseUrl: "https://kibana.<tld>"
server.name: "kibana"
elasticsearch.hosts: ["https://es01:9200"]
monitoring.ui.container.elasticsearch.enabled: true
elasticsearch.username: "kibana_system"
elasticsearch.password: "super_duper_secret_password"
xpack.security.authc.providers:
  anonymous.anonymous1:
    order: 0
    credentials:
      username: "visualisation"
      password: "super_secret_password"
  basic.basic1:
    order: 1
elasticsearch.ssl.certificateAuthorities: [ "config/certs/ca/ca.crt" ]
elasticsearch.ssl.verificationMode: "certificate"
This is what kibana looks like in docker-compose:
kibana:
  networks:
    - elastic
    - proxy
  container_name: kib01
  depends_on:
    es01:
      condition: service_healthy
    es02:
      condition: service_healthy
    es03:
      condition: service_healthy
  image: docker.elastic.co/kibana/kibana:${STACK_VERSION}
  volumes:
    - certs:/usr/share/kibana/config/certs
    - kibanadata:/usr/share/kibana/data
    - ./kibana/kibana.yml:/usr/share/kibana/kibana.yml
  ports:
    - 127.0.0.1:${KIBANA_PORT}:5601
  # environment:
  #   - SERVERNAME=kibana
  #   - ELASTICSEARCH_HOSTS=https://es01:9200
  #   - ELASTICSEARCH_USERNAME=kibana_system
  #   - ELASTICSEARCH_PASSWORD=${KIBANA_PASSWORD}
  #   - ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES=config/certs/ca/ca.crt
  #   - SERVER_PUBLICBASEURL=https://kibana.<tld>
  ### I tried adding the following lines but it didn't work either###
  #   - XPACK_SECURITY_AUTHC_PROVIDERS_ANONYMOUS_ANONYMOUS1_ORDER=0
  #   - XPACK_SECURITY_AUTHC_PROVIDERS_ANONYMOUS_ANONYMOUS1_CREDENTIALS_USERNAME="visualisation"
  #   - XPACK_SECURITY_AUTHC_PROVIDERS_ANONYMOUS_ANONYMOUS1_CREDENTIALS_USERNAME_PASSWORD="<super_secret_password>"
  #   - XPACK_SECURITY_AUTHC_PROVIDERS_BASIC_BASIC1_ORDER=1
  ### endtry ######
  mem_limit: ${MEM_LIMIT}
  healthcheck:
    test:
      [
        "CMD-SHELL",
        "curl -s -I http://localhost:5601 | grep -q 'HTTP/1.1 302 Found'",
      ]
    interval: 10s
    timeout: 10s
    retries: 120
  labels:
    - "traefik.enable=true"
    - "traefik.http.routers.kibana.entrypoints=http"
    - "traefik.http.routers.kibana.rule=Host(`kibana.<tld>`)"
    - "traefik.http.middlewares.kibana-https-redirect.redirectscheme.scheme=https"
    - "traefik.http.routers.kibana.middlewares=traefik-https-redirect"
    - "traefik.http.routers.kibana-secure.entrypoints=https"
    - "traefik.http.routers.kibana-secure.rule=Host(`kibana.<tld>`)"
    - "traefik.http.routers.kibana-secure.tls=true"
    - "traefik.http.routers.kibana-secure.tls.certresolver=http"
    - "traefik.docker.network=proxy"
My gut feeling is this has something to do with network interfaces as I have the proxy network that is required by my traefik frontend but I can't figure out what's going on exactly...
I already had to add
- network.host=_site_
- network.publish_host=es01
to es01 so that I could expose it correctly to traefik so maybe I need to find some equivalent properties for kibana to function?
When I mount kibana.yml I can still curl correctly https://es01:9200 with the ca file without any error.
Any help is greatly appreciated.
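A check for the bind mount in the compose file above, as an added example that is not part of the original post: the official Kibana image loads its settings from /usr/share/kibana/config/kibana.yml, so a kibana.yml mounted at any other target is not read, which is consistent with the unconfigured startup in the log. The function names and the sample compose text are constructed for illustration, and only short-syntax `source:target` volume entries are handled.

```python
import posixpath

# Path the official Kibana Docker image loads its settings from.
KIBANA_CONFIG_PATH = "/usr/share/kibana/config/kibana.yml"

# Constructed sample: the volumes section of the compose service from the post.
SAMPLE_COMPOSE = """\
services:
  kibana:
    image: docker.elastic.co/kibana/kibana:${STACK_VERSION}
    volumes:
      - certs:/usr/share/kibana/config/certs
      - kibanadata:/usr/share/kibana/data
      - ./kibana/kibana.yml:/usr/share/kibana/kibana.yml
    ports:
      - 127.0.0.1:${KIBANA_PORT}:5601
"""


def service_volumes(compose_text, service):
    """Return (source, target) pairs for one service's short-syntax volumes."""
    pairs, svc_indent, in_volumes = [], None, False
    for raw in compose_text.splitlines():
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue  # blank lines and commented-out entries are ignored
        indent = len(raw) - len(raw.lstrip())
        if stripped == f"{service}:":
            svc_indent, in_volumes = indent, False
        elif svc_indent is not None and indent <= svc_indent:
            svc_indent, in_volumes = None, False  # left the service block
        elif svc_indent is not None and stripped == "volumes:":
            in_volumes = True
        elif in_volumes and stripped.startswith("- "):
            parts = stripped[2:].strip().strip("\"'").split(":")
            if len(parts) >= 2:  # source:target[:mode]
                pairs.append((parts[0], parts[1]))
        else:
            in_volumes = False  # any other key ends the volumes list
    return pairs


def misplaced_config_mounts(compose_text, service="kibana"):
    """List kibana.yml mounts whose target is not the path Kibana reads."""
    return [
        (src, dst)
        for src, dst in service_volumes(compose_text, service)
        if posixpath.basename(src) == "kibana.yml" and dst != KIBANA_CONFIG_PATH
    ]
```

Calling `misplaced_config_mounts(SAMPLE_COMPOSE)` returns the `./kibana/kibana.yml` entry with its `/usr/share/kibana/kibana.yml` target; an empty list means the file lands where Kibana looks for it.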