How to secure access to Kibana?

Hi to everyone

I have made an installation of ELK stack version 8.1 on three different servers (one for Kibana, one for Logstash and one for Elasticsearch)

I have reviewed the documentation and I have seen that to integrate ELK against LDAP or SAML you need a paid license. Right now access to Kibana is not secure, so anyone who knows the URL can access the data. Is there a way to secure access to Kibana with local users?

I have seen in some forum, that it can be secured by installing an nginx in front and putting the authentication by nginx but it does not work for me since users and roles could not be defined.

Is there a way to secure Kibana using local users?

Thank you very much in advance

Welcome to our community! :smiley:

Our free Security functionality is enabled by default in 8.X, so as long as you followed the documentation you should have TLS and access control setup - Installing the Elastic Stack | Elastic Installation and Upgrade Guide [8.1] | Elastic

Thank you very much for the quick answer.

In the installation of ELK I followed the documentation for installation via apt install on Ubuntu machines, and I did not change anything in the default Elasticsearch configuration.

This is my ES config my-application
# ------------------------------------ Node ------------------------------------
# Use a descriptive name for the node:
# node-1
# Add custom attributes to the node:
#node.attr.rack: r1
# ----------------------------------- Paths ------------------------------------
# Path to directory where to store the data (separate multiple locations by comma):
# /var/elk/elasticsearch/lib
# Path to log files:
path.logs: /var/log/elasticsearch
# ----------------------------------- Memory -----------------------------------
# Lock the memory on startup:
#bootstrap.memory_lock: true
# Make sure that the heap size is set to about half the memory available
# on the system and that the owner of the process is allowed to use this
# limit.
# Elasticsearch performs poorly when the system is swapping the memory.
# ---------------------------------- Network -----------------------------------
# By default Elasticsearch is only accessible on localhost. Set a different
# address here to expose this node on the network:
# By default Elasticsearch listens for HTTP traffic on the first free port it
# finds starting at 9200. Set a specific HTTP port here:
http.port: 9200
# For more information, consult the network module documentation.
# --------------------------------------------------------------------------------

# Enable security features false true

# Enable encryption for HTTP API client connections, such as Kibana, Logstash, and Agents
  enabled: true
  keystore.path: certs/http.p12

# Enable encryption and mutual authentication between cluster nodes
  enabled: true
  verification_mode: certificate
  keystore.path: certs/transport.p12
  truststore.path: certs/transport.p12
# Create a new cluster with the current node only
# Additional nodes can still join the cluster later
cluster.initial_master_nodes: [""]

# Allow HTTP API connections from localhost and local networks
# Connections are encrypted and require user authentication [_local_, _site_]

# Allow other nodes to join the cluster from localhost and local networks
# Connections are encrypted and mutually authenticated [_local_, _site_]

#----------------------- END SECURITY AUTO CONFIGURATION -------------------------
action.auto_create_index: .monitoring*,.watches,.triggered_watches,.watcher-history*,.ml*

I understand that to enable the login screen in Kibana I have to change several parameters:

In ES I have to put true

And then change in Kibana.yml where the configuration is indicated towards ES adding username and password.


I have an elk version 7 installed for testing and for kibana authentication I only have to enable the parameter in ES: true without the need to configure certificates

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.