Java proxy to secure Kibana


I have written a proxy server code in my existing application to proxy kibana deployed on AWS. The logic is simple I put in few headers and rewrite all urls starting with _plugin/kibana to myApp/_plugin/kibana to go through my application.

so basically i call http://myserver/mpApp/_plugin/kibana. I could get kibana to load the GUI.

I have an existing index datacuts and have 2 dashboards created for it already.

When I access dev tools and say

GET datacuts

I can see the mappings of my index.

But when I run a query like

GET datacuts/datacut/_search

I get a index not found exception. [404] I am not sure why this is happening to me. In my code I am setting the following headers

Access-Control-Allow-Origin, content-type, kbn-version[5.5.2].

and of course I am copying the body and the query string in url as it is.

One more thing that I noticed is that when I load my kibana through the proxy the first _msearch call fails with a 400 with below error.

{"error":{"root_cause":[{"type":"action_request_validation_exception","reason":"Validation Failed: 1: no requests added;"}],"type":"action_request_validation_exception","reason":"Validation Failed: 1: no requests added;"},"status":400} header{access-control-allow-origin=[*], Cache-Control=[no-cache], Content-Type=[application/json; charset=UTF-8], Date=[Wed, 04 Apr 2018 13:54:41 GMT], kbn-name=[kibana], kbn-version=[5.5.2], server=[Jetty(8.1.12.v20130726)], x-amzn-RequestId=[b91dc342323-380f-11e8-aa97-5906cd206e04], Content-Length=[235], Connection=[keep-alive]}

Any help would be much appreciated!

It's not obvious from the description that you've given how your proxy is misconfigured. It's rather common to put Kibana behind a reverse-proxy with Nginx/Apache, and it's definitely a supported configuration.

Would you mind elaborating on what you're doing with your reverse proxy and why you're setting the additional headers? Are you adding the headers for the requests to Kibana itself, or are you adding them on the response to the client.


Sorry that I did not clearly mention this part.

I have a existing spring application, and I have built the proxying logic in it.

HttpHeaders headers = new HttpHeaders();
            headers.add("Access-Control-Allow-Origin", "https://my-es-server"+restOfTheUrl);
            headers.add("content-type", request.getContentType());
            headers.add("kbn-version", "5.5.2");
            HttpEntity<String> httpEntity = (body==null)?new HttpEntity<>(headers):
                new HttpEntity<String>(body,headers);
            RestTemplate restTemplate = new RestTemplate();
            restTemplate.getMessageConverters().add(new ByteArrayHttpMessageConverter());
            ResponseEntity<String> resp =, HttpMethod.valueOf(request.getMethod()), httpEntity, String.class);
switch(resp.getHeaders().getContentType().getType()) {
            case "text" :
                String responseBody = resp.getBody().toString();
                logger.debug("index count" + responseBody.indexOf("/_plugin/kibana"));
                responseBody = responseBody.replaceAll("_plugin/kibana","myApp/_plugin/kibana");
                return new ResponseEntity<String>(responseBody.toString(), resp.getHeaders(), HttpStatus.OK);
            return resp;

So if you look at this code. I have passed some headers that I identified as required for kibana to respond. Also since I have a web context, I am scanning the response and I am appending myApp context to the response if its of type text.

But I don't think this this has anything to do with my problem.

Still looking for a solution. If anyone can help, would be great!

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.