How to share dashboard for others without login after enable xpack.security

After enbale expack.secuiry, all of users should be login if they are want to discover, dashboard..etc.

If i want to share a dashboard and embed the dashboard to other web site, how i can do it ?

Another question, is there any way to let user without login to access discover and dashboard ?

Thanks
Wayne

1 Like

You can allow this by using the anonymous access feature: https://www.elastic.co/guide/en/elastic-stack-overview/current/anonymous-access.html

@Marius_Dragomir Thanks for your response, anonymouse-access seem only for elasticsearch, is it possible to used in kibana ? I enable the xpack.security, but i don't want to all of users must login kibana every time, for example, if one user only search one data from discover, I think it's no need to login, if one use want to embed a dashboard in other web page, no need to login too.

Thanks
Wayne

I use the latest version 7.2, this version included the permission control for menus

Hi Wayne,

I also faced the same issue and I search possible solution to it. As a result of my research I found that currently you cann't do that i.e. with security is enabled in kibana then you will always prompt with a login page.
this is an open issue currently. I found a possible workaround to it and in my case which is very similar to yours, it is working perfectly fine.

That time, thinking that it can be helpful to others I documented the approach, you can follow it to have access to discover without login, i.e. anonymous access to kibana.

Hope this helps
Saurabh :slight_smile:

2 Likes

Thanks so much @Saurabh_Sharma_IIT

I will follow up your provide the document to try it

thanks
Wayne

@wenchaodu Hi, I read your message on medium. Can you please provide what error you are getting when you try to access localhost:80.

I will be able to help better once you can provide the error log. For now I would say that, I found that you have: set proxy_pass https:// {my severs ip address} :5601/;

https and not http that means that you have encryption between your web browser and kibana server. If you have not set any encryption between them, then
SIMPLY change https to http i.e. remove s and I think it should work.

@Saurabh_Sharma_IIT

After I change https to http, it's return 502 bad getway , is there anything else need change ?

Beside, I use basic Authorization success with postman, maybe that mean that all of right on elasticsearch/kibana.

2019/08/06 06:05:27 [warn] 20846#20846: *13 upstream server temporarily disabled while connecting to upstream, client: 127.0.0.1, server: localhost, request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:5601/", host: "localhost:8080"
2019/08/06 06:05:27 [crit] 20846#20846: *13 connect() to 127.0.0.1:5601 failed (13: Permission denied) while connecting to upstream, client: 127.0.0.1, server: localhost, request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:5601/", host: "localhost:8080"
2019/08/06 06:05:27 [warn] 20846#20846: *13 upstream server temporarily disabled while connecting to upstream, client: 127.0.0.1, server: localhost, request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:5601/", host: "localhost:8080"

Below is the full config

user  nginx;
worker_processes  1;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;
	
	server {
		listen 8080;
		server_name localhost;
	
	
		location / {
			proxy_set_header Host $host;
			proxy_set_header X-Real-IP $remote_addr;
			proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
			proxy_pass http://localhost:5601/;
			proxy_set_header Authorization "Basic ZWxhc3RpYzplbGFzdGlj"; 
			proxy_pass_header Authorization;

		}
		
	}
	include /etc/nginx/conf.d/*.conf;
}

This issue resolved, the nginx configuration is correct, that linux system related issue.

resolved by below command
setsebool -P httpd_can_network_connect 1

Thanks @Saurabh_Sharma_IIT a lots.

1 Like

Hi @wenchaodu, Happy to know that it helps you.

Please mark solution also, so that if someone else has same issue, they know that this solution works for you.

please clap on medium post also if you find the post helpful. :sweat_smile::sweat_smile::sweat_smile: :smile::innocent: