Hello Everyone,
This is my configuration -
[ Elastic Search 1.6 :9200] <--- [Apache Web Server 2.4 Reverse Proxy :443/es ] <-- [Kibana 4.1 HTTPS and Port 5601]
Both Apache Reverse Proxy and Kibana are setup to use HTTPS with their own server side certificates signed by the same internal CA.
Now, when I hit the Apache URL, e.g. https://es.my.web.server.com:443/es/ , I receive a response similar to the following, which tells me everything is fine behind the reverse proxy -
{
"status" : 200,
"name" : "Sgsi.Default.Es.Node",
"cluster_name" : "sgsi_es_local",
"version" : {
"number" : "1.6.0",
"build_hash" : "cdd3ac4dde4f69524ec0a14de3828cb95bbb86d0",
"build_timestamp" : "2015-06-09T13:36:34Z",
"build_snapshot" : false,
"lucene_version" : "4.10.4"
},
"tagline" : "You Know, for Search"
}
I tried other commands as well, like _alias, _cat, _search etc. all seems to work fine.
However, when I pointed Kibana to the Reverse Proxy by updating the Kibana.yml (see below), everything was fine when I started Kibana until I hit Kibana with a browser -
port: 5601
host: "0.0.0.0"
elasticsearch_preserve_host: false
kibana_index: ".kibana"
default_app_id: "discover"
request_timeout: 300000
shard_timeout: 0
# The Elasticsearch instance to use for all your queries.
elasticsearch_url: "https://es.my.web.server.com:443/es/"
# If your Elasticsearch is protected with basic auth, this is the user
# credentials used by the Kibana server to perform maintence on the
# kibana_index at statup. Your Kibana users will still need to authenticate
# with Elasticsearch (which is proxied thorugh the Kibana server)
kibana_elasticsearch_username: esu
kibana_elasticsearch_password: esu123
# If your Elasticsearch requires client certificate and key
# kibana_elasticsearch_client_crt: /path/to/your/client.crt
# kibana_elasticsearch_client_key: /path/to/your/client.key
# If you need to provide a CA certificate for your Elasticsarech instance,
# put the path of the pem file here.
ca: /Users/vpathak/Software/kibana/config/ca_cert.crt
# Set to false to have a complete disregard for the validity of the SSL
# certificate.
verify_ssl: true
# SSL for outgoing requests from the Kibana Server (PEM formatted)
ssl_key_file: /Users/vpathak/Software/kibana/config/kbn_private.key
ssl_cert_file: /Users/vpathak/Software/kibana/config/kbn.crt
When I try to access Kibana by visiting https://sgsi.kbn.local.com:5601, Kibana appear to load for 2-3 seconds and then error out as this -
Oooops
< Go Back > < Clear Your Session >
Error: Bad Gateway
at respond (https://sgsi.kbn.local.com:5601/index.js?_b=7562:85289:15)
at checkRespForFailure (https://sgsi.kbn.local.com:5601/index.js?_b=7562:85257:7)
at https://sgsi.kbn.local.com:5601/index.js?_b=7562:83895:7
at wrappedErrback (https://sgsi.kbn.local.com:5601/index.js?_b=7562:20902:78)
at https://sgsi.kbn.local.com:5601/index.js?_b=7562:21035:76
at Scope.$apply (https://sgsi.kbn.local.com:5601/index.js?_b=7562:22126:24)
When I comment ssl_key_file and ssl_cert_file and try to access Kibana over HTTP, the result is same that it still errors out, but the error is different this time -
Oooops
< Go Back > < Clear Your Session >
Error: Unknown error while connecting to Elasticsearch
ErrorAbstract@http://sgsi.es.local.com:5601/index.js?_b=7562:83947:19
StatusCodeError@http://sgsi.es.local.com:5601/index.js?_b=7562:84096:5
respond@http://sgsi.es.local.com:5601/index.js?_b=7562:85289:15
checkRespForFailure@http://sgsi.es.local.com:5601/index.js?_b=7562:85257:7
[24]</AngularConnector.prototype.request/<@http://sgsi.es.local.com:5601/index.js?_b=7562:83895:7
qFactory/createInternalRejectedPromise/<.then/<@http://sgsi.es.local.com:5601/index.js?_b=7562:21035:29
$RootScopeProvider/this.$get</Scope.prototype.$eval@http://sgsi.es.local.com:5601/index.js?_b=7562:22022:16
$RootScopeProvider/this.$get</Scope.prototype.$digest@http://sgsi.es.local.com:5601/index.js?_b=7562:21834:15
$RootScopeProvider/this.$get</Scope.prototype.$apply@http://sgsi.es.local.com:5601/index.js?_b=7562:22126:13
done@http://sgsi.es.local.com:5601/index.js?_b=7562:17661:34
completeRequest@http://sgsi.es.local.com:5601/index.js?_b=7562:17875:7
createHttpBackend/</xhr.onreadystatechange@http://sgsi.es.local.com:5601/index.js?_b=7562:17814:1
I have no clue What is the problem Kibana is facing and what Configuration change can I do to make Kibana comfortable.
Can someone see anything wrong here ?
Thanks,
(*Vipul)() ;