ELK - Enable Kibana Login (Basic Auth) without SSL/TLS on Multi Instance Docker Swarm Cluster

Elastic Stack Kibana
,
1

Hi, I have a multi node - multi instance (VM and BareMetal servers) docker swarm cluster for my ELK Stack with 3 ES Masters, 3 Kibana Nodes, data nodes etc.

ES and Kibana Version - 7.17.8

I want to enable basic authentication for Kibana which allows login screen to Kibana but without HTTP and Transport SSL enabled (i.e no certificates).

It this possible with basic only license to achieve this over multiple nodes / instances ? Please help!

Below is my docker compose .yml

version: '3.8'
configs:
  nginx.conf:
    external: true
  load-balancer.conf:
    external: true
services:
  es01:
    image: docker.elastic.co/elasticsearch/elasticsearch:7.17.8
    container_name: es01
    environment:
      - node.name=es01
      - cluster.name=es-docker-cluster
      - network.host=0.0.0.0
      - discovery.seed_hosts=98.8.171.70,98.8.171.71,98.8.171.72
      - cluster.initial_master_nodes=es01,es02,es03
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms16g -Xmx16g"
      - xpack.security.enabled=true
      - xpack.security.http.ssl.enabled=false
      - xpack.security.transport.ssl.enabled=false
      - ELASTIC_PASSWORD=changeme
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      - /data/elastic:/usr/share/elasticsearch/data
    ports:
      - 9200:9200
      - 9300:9300
    networks:
      - aps-elk-network-prod
    deploy:
      placement:
        constraints: [ node.labels.role == elk-master-node ]
  es02:
    image: docker.elastic.co/elasticsearch/elasticsearch:7.17.8
    container_name: es02
    environment:
      - node.name=es02
      - cluster.name=es-docker-cluster
      - network.host=0.0.0.0
      - discovery.seed_hosts=98.8.171.70,98.8.171.71,98.8.171.72
      - cluster.initial_master_nodes=es01,es02,es03
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms16g -Xmx16g"
      - xpack.security.enabled=true
      - xpack.security.http.ssl.enabled=false
      - xpack.security.transport.ssl.enabled=false
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      - /data/elastic:/usr/share/elasticsearch/data
    networks:
      - aps-elk-network-prod
    deploy:
      placement:
        constraints: [ node.labels.role == elk-master-node ]
  es03:
    image: docker.elastic.co/elasticsearch/elasticsearch:7.17.8
    container_name: es03
    environment:
      - node.name=es03
      - cluster.name=es-docker-cluster
      - network.host=0.0.0.0
      - discovery.seed_hosts=98.8.171.70,98.8.171.71,98.8.171.72
      - cluster.initial_master_nodes=es01,es02,es03
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms16g -Xmx16g"
      - xpack.security.enabled=true
      - xpack.security.http.ssl.enabled=false
      - xpack.security.transport.ssl.enabled=false
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      - /data/elastic:/usr/share/elasticsearch/data
    networks:
      - aps-elk-network-prod
    deploy:
      placement:
        constraints: [ node.labels.role == elk-master-node ]
  elk-data:
    image: docker.elastic.co/elasticsearch/elasticsearch:7.17.8
    container_name: elk-data    
    environment:
      - node.name=elk-data-{{.Node.Hostname}}
      - discovery.seed_hosts=98.8.171.70,98.8.171.71,98.8.171.72
      - cluster.initial_master_nodes=es01,es02,es03
      - cluster.name=es-docker-cluster
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms16g -Xmx16g"
      - node.master=false
      - node.data=true
      - node.ingest=true
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      - /data/elastic:/usr/share/elasticsearch/data
    networks:
      - aps-elk-network-prod
    deploy:
      replicas: 11
      placement:
        constraints: [ node.labels.role == elk-data-node ]
  kibana:
    image: docker.elastic.co/kibana/kibana:7.17.8
    environment:
      ELASTICSEARCH_HOSTS: '["http://98.8.171.72:9200","http://98.8.171.71:9200","http://98.8.171.70:9200"]'
      ELASTICSEARCH_USERNAME: elastic
      ELASTICSEARCH_PASSWORD: changeme
    networks:
      - aps-elk-network-prod
    ports:
      - 5601:5601
    depends_on:
      - es01
    deploy:
      replicas: 3
      placement:
        constraints: [ node.labels.label3 == elk-kibana-node ]
        max_replicas_per_node: 1
  elk-coordinator:
    image: docker.elastic.co/elasticsearch/elasticsearch:7.17.8
    container_name: elk-coordinator    
    environment:
      - node.name=elk-coordinator-{{.Node.Hostname}}
      - discovery.seed_hosts=98.8.171.70,98.8.171.71,98.8.171.72
      - cluster.initial_master_nodes=es01,es02,es03
      - cluster.name=es-docker-cluster
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms16g -Xmx16g"
      - node.master=false
      - node.data=true
      - node.ingest=true
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      - /data/elastic:/usr/share/elasticsearch/data
    networks:
      - aps-elk-network-prod
    deploy:
      replicas: 3
      placement:
        constraints: [ node.labels.label1 == elk-coordinator-node ]
        max_replicas_per_node: 1
  nginx: 
    image: nginx:latest
    container_name: oss_elk_ncw_nginx
    configs:
      - source: nginx.conf
        target: /etc/nginx/nginx.conf 
      - source: load-balancer.conf
        target: /etc/nginx/conf.d/load-balancer.conf        
    ports:
      - 9000:9000
    networks:
      - aps-elk-network-prod
    deploy:
      placement:
        constraints: [ node.labels.role == elk-loadbalancer-node ]
networks:
  aps-elk-network-prod:
    driver: overlay
2

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.