Hi
We have configured two ELK instances with Shield , marvel plugin. We are using SSL/TLS encryption in this cluster. My both instances of kibana are accessible using their individual URLs e.g. https://host1:5601 I am trying to configure load balancing for kibana instances using apache load balancer but it is not working.
Is apache load balancer is the correct in this scenario ? If not what other options will be the best to configure kibana load balancing.
Thanks.
Could you share your apache configuration? What exactly isn't working?
If I enter IP and hit I get internal server error if I use https://IP then I get message that , This site can’t provide a secure connection 9.126.112.124 sent an invalid response.
I have added following in httpd.conf
ProxyRequests Off
<Proxy *>
Order deny,allow
Deny from all
<Proxy "balancer://mycluster">
BalancerMember "https://irldxvm081.irl.in.ibm.com:5601"
BalancerMember "https://irldxvm074.irl.in.ibm.com:5601"
Order allow,deny
Allow from all
ProxyPass "/" "balancer://mycluster"
ProxyPassReverse "/" "balancer://mycluster"
and in ssl.conf
[root@irldxvm074 conf]# sed -e '/^#/d' /etc/httpd/conf.d/ssl.conf
LoadModule ssl_module modules/mod_ssl.so
Listen 443
SSLPassPhraseDialog builtin
SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout 300
SSLMutex default
SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin
ServerName irldxvm074.irl.in.ibm.com
ProxyPreserveHost On
ProxyRequests off
DocumentRoot /var/www
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
SSLEngine on
SSLProxyEngine On
SSLCertificateFile /opt/apachecerts/cert.crt
SSLCertificateKeyFile /opt/apachecerts/irldxvm074.key
SSLVerifyClient require
SSLVerifyDepth 1
SSLCACertificateFile /opt/apachecerts/certnew.pem
<Proxy balancer://mycluster>
BalancerMember https://irldxvm081.irl.in.ibm.com:5601
BalancerMember https://irldxvm074.irl.in.ibm.com:5601
# technically we aren't blocking anyone, but could here
Order Deny,Allow
Deny from none
Allow from all
# Load Balancer Settings
# A simple Round Robin load balancer.
ProxySet lbmethod=byrequests
Hi ,
Did you get chance to look into this ?
One other query -
If I have only 1 ELK server with shield , SSL/TLS encryption on, is it possible to configure apache reverse proxy to https://elkserver:5601
I have tried to configure this but it is not working and not redirecting to 5601 port
Regards,
Vinod
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.