How to protect Kibana 4 dashboards using apache httpd?


(Gustavo Monti Rocha) #1

Hi, we're trying to protect some dashboards using apache httpd but we don't have any URL that identify the dashboard as an unique resource.

Using Chrome dev tools we could see that when a dashboard is requested the url contains: /elasticsearch/.kibana/dashboard, but the dashboard requested is a json parameter submitted to elasticsearch. So, we need to identify the url as unique to protect it on apache httpd.

I tried to use thie article: http://wiki.linuxwall.info/doku.php/en:ressources:astuces:kibana4_nginx and rewrite the same rules on apache httpd but without success.

Any ideas how to do this? By the way, we cannot use Shield.


(Tin Le) #2

You will need to setup ... protection. I use nginx to do similar.


(Gustavo Monti Rocha) #3

Could you provide more details on how you do this?
Why cant I use apache httpd?


(Tin Le) #4

You can use Apache. Personally I prefer nginx as it is smaller, lighter weight, and more secure.

Essentially, you are going to be using a web server (whether Apache or nginx) as a proxy. You can control what you allow through the proxy.

My nginx configs are a little bit complicated at the moment and contain corporate settings. So I'll need to clean it up before I can release it.

The basic thing is to protect URL that points to your dashboard.

In nginx, use the location directive:

location ~ ^/(kibana(-int)?|kibana-int-.*?)/(?:dashboard|temp)/dashboard-you-want-to-protect {
auth_ldap "Authorized personnel only";
auth_ldap_server my-ldap-server;
}

Something like that, but more....


(Gustavo Monti Rocha) #5

Hi, but this configuration made on nginx works with kibana 4? Because, as I know this is a url schema from kibana 3.


(Tin Le) #6

Yes, I grabbed it from my kibana3 config section. I am running both k3 and k4 in the same nginx config.

Regardless, it is intended as an example. :slight_smile: The same concept work for K4.


(Gustavo Monti Rocha) #7

Thanks! I"ll try it doing similar on Apache and post the results.


(Gustavo Monti Rocha) #8

Are you sure that this configuration works on kibana 4? I tried to do this on apache and not working. I got this concept but Kibana 4 works with Rest in order to get dashboard configuration.


(Michel Braga Guimarães) #9

I have used this same article in order to block the settings session of my kibana.

I used this article to configure my nginx, and when I click on menu settings, it asks for the password, but if I cancel the login popup without actually login, I can still change anything I want on this session.

Can someone help me? I didn't find nothing to guide me through this.

Thx anyway!!


(Dfaropennetwork) #10

i can help you with apache :smiley:


(Michel Braga Guimarães) #11

Hey man...
Bout the apache, how would it be.

Can you teach me?

Already appreciate any kind of help


(David F.) #12

Sure not problem, i can try to help you

I've two users :D, same person


(system) #13