Installing Kibana to connect to Elasticsearch production server

Hello,

First post, so there is a likelihood that I may not understand how things work in connecting Kibana and Elasticsearch in a secure production environment.

So, I have a live website that has access to our closed local network. The live website connects to our elasticsearch instance which is configured in the elasticsearch.yml to be 191.168.32.200:9200

I make a call from our live server to 191.168.32.200:9200 to make a query. This works great.

When I connect to Kibana on191.168.32.200, I get an error showing that it is not able to connect to elasticsearch on localhost:9200. This seems an obvious case since elasticsearch is configured to map to 191.168.32.200.

How do I reconcile this?

On my web server I am using the Elasticsearch PHP client library to connect to the elasticsearch node which is not of course localhost in relation to the live server. It would be insecure to install elasticsearch directly on a live server that has access to the open web. Therefore a client using the PHP API would never use localhost:9200. Am I right?

Of course If I do change my elasticsearch.yml to point to 127.0.0.1, then Kibana comes up properly, but then... bang, no remote access from my live client server.

What config changes have you made to ES and KB around the network interfaces it listens to?

Only changes to the elasticsearch.yml and kibana.yml

ES:
network.host: 191.168.32.200
KB
elasticsearch.url: "http://191.168.32.200:9200"

Was that just a rhetorical question about the config changes, or was there anything else that could be adjusted?

No, I just have a day job that I need to do as well
And having the info means someone else might be able to jump in and help.

But there doesn't appear to be anything wrong with that. Can you curl 191.168.32.200:9200 from the KB host?

Sorry, wasn't meant as a criticism, just wondering it it meant there was something to be adjusted, or if it was just for general information sake.

And yes, you are right... more info means others can jump in. Thank you

The answer is yes, If I curl 191.168.32.200:9200 from the local machine, I get the elasticsearch server info. If I curl 191.168.32.200, I get the Kibana authentication notification.

Thanks again,

Brian

And is 191.168.32.200 the local machine, aka the machine with ES and KB running on it?
Just wanting to make sure I am clear on things

Yes, the machine at that IP is also the machine that ES and KB are installed on.

It's not a firewall is it?
What if you stop ES and KB, start ES, wait for green, then start KB?

Well, I disabled ufw and verified it was inactive for testing purposes. I stopped both ES and KB, then restarted ES and then KB. Still, I am getting the same error.

Status: Red

plugin:kibana Ready
plugin:elasticsearch Unable to connect to Elasticsearch at http://localhost:9200.
plugin:kbn_vislib_vis_types Ready
plugin:markdown_vis Ready
plugin:metric_vis Ready
plugin:spyModes Ready
plugin:statusPage Ready
plugin:table_vis Ready

Can you paste (or use gist/pastebin/etc) the entire KB config file, as it is, comments and all?

http://pastebin.com/0YGjSPfa

You haven't uncommented elasticsearch.url?

what in that entire file needs to be uncommented and what remains commented?

now I restarted all my services and cant recall my kibana dashboard password. I need to figure how to reset.

You need to edit it and remove the # in front of server.host: "191.168.32.200", then restart KB.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.