Kibana load balancing


(Vinod Patil) #1

Hi

We have configured two ELK instances with the Shield and Marvel plugins. We are using SSL/TLS encryption in this cluster. Both of my Kibana instances are accessible using their individual URLs, e.g. https://host1:5601. I am trying to configure load balancing for the Kibana instances using the Apache load balancer, but it is not working.
Is the Apache load balancer the correct choice in this scenario? If not, what other options would be best for configuring Kibana load balancing?

Thanks.


(Lukas Olson) #2

Could you share your apache configuration? What exactly isn't working?


(Vinod Patil) #3

If I enter the IP and hit, I get an internal server error. If I use https://IP, then I get the message "This site can’t provide a secure connection. 9.126.112.124 sent an invalid response."

I have added the following in httpd.conf:

ProxyRequests Off
<Proxy *>
Order deny,allow
Deny from all

<Proxy "balancer://mycluster">
BalancerMember "https://irldxvm081.irl.in.ibm.com:5601"
BalancerMember "https://irldxvm074.irl.in.ibm.com:5601"
Order allow,deny
Allow from all

ProxyPass "/" "balancer://mycluster"
ProxyPassReverse "/" "balancer://mycluster"

and in ssl.conf:

[root@irldxvm074 conf]# sed -e '/^#/d' /etc/httpd/conf.d/ssl.conf

LoadModule ssl_module modules/mod_ssl.so

Listen 443

SSLPassPhraseDialog builtin

SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout 300

SSLMutex default

SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin

SSLCryptoDevice builtin

ServerName irldxvm074.irl.in.ibm.com
ProxyPreserveHost On
ProxyRequests off
DocumentRoot /var/www

ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn

SSLEngine on
SSLProxyEngine On
SSLCertificateFile /opt/apachecerts/cert.crt
SSLCertificateKeyFile /opt/apachecerts/irldxvm074.key
SSLVerifyClient require
SSLVerifyDepth 1
SSLCACertificateFile /opt/apachecerts/certnew.pem

<Proxy balancer://mycluster>
BalancerMember https://irldxvm081.irl.in.ibm.com:5601
BalancerMember https://irldxvm074.irl.in.ibm.com:5601
# technically we aren't blocking anyone, but could here
Order Deny,Allow
Deny from none
Allow from all
# Load Balancer Settings
# A simple Round Robin load balancer.
ProxySet lbmethod=byrequests


(Vinod Patil) #4

Hi,

Did you get a chance to look into this?

One other query:
If I have only 1 ELK server with Shield and SSL/TLS encryption on, is it possible to configure an Apache reverse proxy to https://elkserver:5601?
I have tried to configure this, but it is not working and not redirecting to port 5601.

Regards,
Vinod
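
For reference, a TLS-terminating Apache balancer in front of HTTPS Kibana backends, written as an added example (not configuration posted by anyone in this thread). It assumes Apache 2.4 syntax with mod_ssl, mod_proxy, mod_proxy_http, mod_proxy_balancer and mod_lbmethod_byrequests loaded; the backend CA path is a placeholder, and the other hostnames and paths are reused from the post above.

```apache
# Added example. /path/to/backend-ca.pem is a placeholder for the CA that
# signed the certificates presented by the Kibana instances on port 5601.
Listen 443

<VirtualHost *:443>
    ServerName irldxvm074.irl.in.ibm.com

    # Front side: TLS between browsers and Apache.
    SSLEngine on
    SSLCertificateFile    /opt/apachecerts/cert.crt
    SSLCertificateKeyFile /opt/apachecerts/irldxvm074.key
    # "SSLVerifyClient require" makes Apache demand a client certificate from
    # every browser; enable it only when mutual TLS is actually intended.

    # Back side: TLS between Apache and Kibana.
    SSLProxyEngine on
    # The default for SSLProxyVerify is "none", which leaves the backend
    # certificate unverified. Require a chain up to a trusted CA instead.
    SSLProxyVerify require
    SSLProxyVerifyDepth 2
    SSLProxyCACertificateFile /path/to/backend-ca.pem
    # Reject backend certificates with a mismatched name or an expired date.
    SSLProxyCheckPeerName on
    SSLProxyCheckPeerExpire on

    # Reverse proxy only, never a forward proxy.
    ProxyRequests Off

    <Proxy "balancer://mycluster">
        BalancerMember "https://irldxvm081.irl.in.ibm.com:5601"
        BalancerMember "https://irldxvm074.irl.in.ibm.com:5601"
        # Simple round robin by request count.
        ProxySet lbmethod=byrequests
        # 2.4 replacement for "Order allow,deny" / "Allow from all".
        Require all granted
    </Proxy>

    # Trailing slashes match on both sides of each mapping.
    ProxyPass        "/" "balancer://mycluster/"
    ProxyPassReverse "/" "balancer://mycluster/"
</VirtualHost>
```

For the single-server case, the two balancer mappings can point directly at "https://elkserver:5601/" and the `<Proxy "balancer://...">` block can be dropped; the SSLProxy* directives stay the same.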

