Kibana 7.8, Apache HTTPD proxy, internal server error

Elastic Stack Kibana
1

I have seen nginx is a documented way to proxy requests to a local Kibana listening on TCP 5601, but I am wondering if anyone has experience getting this to work with Apache HTTPD.

I have a Kibana 7.8.0-1 instance that works successfully and is accessible on TCP 5601. The xpack features are enabled: SSL is enabled for that port. At the moment, I have authentication enabled between Kibana and Elastic Search as well, so a service account is required to authenticate to TCP 9200. This was done with elasticsearch-setup-passwords.

In my Apache HTTPD SSL config, I have a virtual host listening on TCP 443 with the following:

<Location />
ProxyPass https://FQDN:5601/
ProxyPassReverse https://FQDN:5601/
</Location>

SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
ProxyPreserveHost On
ProxyRequests Off

Although Kibana on TCP 5601 works perfectly, when I try to go to TCP 443 via Apache, I get a "internal server error" 500 in my Apache logs.

If anyone has seen this sort of behavior or has thoughts for how to troubleshoot, would greatly appreciate it.

2

Hello hanover23, what does your Kibana server log say? Please refer to Rashmi's comments for a similar situation.

3

The ultimate problem for this was due to my basic auth configuration within Apache. The backend directory service had a self-signed untrusted certificate, so when I would try to authenticate, it would complain about being unable to reach that directory service. I added "LDAPVerifyServerCert Off" to make that problem go away.

There were a couple of other things that came up, but nothing that could not be found with Google. The main curveball here was that Apache would prompt me for authentication and would take my credentials...but only when I bumped my virtual host logging level up higher did I see that there was actually some issues connecting to the directory service on the backend.

4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.