Filebeat 401 Unauth

Hey,

I have set up filebeat with elasticsearch output. My ES instance is behind nginx reverse proxy with basic auth. I have tested my login:password with curl and everything works fine. However, I keep getting 401 unauthorized errors in my filebeat logs.

filebeat version 6.2.4 (amd64), libbeat 6.2.4

Here is my beat config:

filebeat.prospectors:

- type: log

  enabled: false

  paths:
    - /var/log/*.log

filebeat.config.modules:
  path: ${path.config}/modules.d/*.yml

  reload.enabled: false

setup.template.settings:
  index.number_of_shards: 3

setup.kibana:
  host: "myhost:port"
  protocol: "https"
  path: "/kibana"
  username: "login"
  password: "changeme"

output.elasticsearch:
  hosts: ["myhost:port"]
  protocol: "https"
  username: "elastic"
  password: "changeme"
  path: "/elastic"

Figured out what was the problem. For anyone who will have the same problem pay attention to the path, it should exactly match the one in the nginx. I had location /elastic/ in the nginx and path /elastic in the filbeat config. After nginx made a redirection to the needed path the auth header was omitted and 401 was returned as a result.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.