How to config kibana if xpack.security.http.ssl.enabled is false

yjm17865195865 · June 16, 2022, 7:01am

I'm starting a Elasticsearch v8.2.2 throuth docker images. After started i found that TLS/SSL is enabled in default and I want to disable that( however it's fine that between es'node keep using the TLS/SSL to communicate). I changed xpack.security.http.ssl.enabled to false while keeping xpack.security.enabled to be true for I want to keep the simple username/password mode. Here is my Elasticsearch.yml

cluster.name: "docker-cluster"
network.host: 0.0.0.0

#----------------------- BEGIN SECURITY AUTO CONFIGURATION -----------------------
#
# The following settings, TLS certificates, and keys have been automatically
# generated to configure Elasticsearch security features on 15-06-2022 05:15:58
#
# --------------------------------------------------------------------------------

# Enable security features
xpack.security.enabled: true

xpack.security.enrollment.enabled: true

# Enable encryption for HTTP API client connections, such as Kibana, Logstash, and Agents
xpack.security.http.ssl:
  enabled: false
  keystore.path: certs/http.p12

# Enable encryption and mutual authentication between cluster nodes
xpack.security.transport.ssl:
  enabled: true
  verification_mode: certificate
  keystore.path: certs/transport.p12
  truststore.path: certs/transport.p12
# Create a new cluster with the current node only
# Additional nodes can still join the cluster later
cluster.initial_master_nodes: ["c363a61256ab"]

#----------------------- END SECURITY AUTO CONFIGURATION -------------------------

Then i started kibana via docker like

docker run --name kibana --net elastic -p 5601:5601 kibana:8.2.2

I found kibana started failed. througth browser i only got an error like 'Kibana server is not ready yet.'
I checked the docker log and here is what i got.

so how could i config the kibana to suit this condition?

Tre_Seymour · June 16, 2022, 10:03am

Hello @ yjm17865195865 , can we try adding the following stanza to your kibana.yml:

xpack.security.authc:
    providers:
      basic.basic1: 
          order: 0

?
While you try that, I am going to ask around to see if anyone else has seen this issue.

Tre_Seymour · June 16, 2022, 10:06am

@yjm17865195865 how many nodes are you running? I'm curious.

yjm17865195865 · June 17, 2022, 12:34am

just one node without using standalone mode. I found out that the main problem is kibana need a password to contact with Elasticsearch, so i go into the Elasticsearch docker container and reset the password for user 'kibana'

./elasticsearch-reset-password -u kibana

then i re-config the kibana like this, set the Elasticsearch node to link and the user-pass, and it succeed !

thx for the reply , i wonder if my issue is a common one because i think it's normal that we dont
really need this TLS/SSL feature on production but its unclear how to close it.

Tre_Seymour · June 17, 2022, 12:04pm

Hey I'm glad it worked out.

It almost looks like you set it to an empty password here:
./elasticsearch-reset-password -u kibana

Is that the case?

yjm17865195865 · June 20, 2022, 12:03am

actually, the reset-password script will generate a random password for whoever the -u command follows.

warkolm · June 21, 2022, 1:41am

In future please don't post pictures of text, logs or code. They are difficult to read, impossible to search and replicate (if it's code), and some people may not be even able to see them

yjm17865195865 · June 21, 2022, 11:55pm

ok, sorry for my rookie behavior

system · July 19, 2022, 11:55pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.