Kibana 7.9.x redirects to location: /spaces/enter and doesn't work

George_Wainwright · October 25, 2020, 5:40pm

I run my Elasticsearch cluster in docker with the next config:

version: '2.4'
    services:
      elasticsearch:
        image: docker.elastic.co/elasticsearch/elasticsearch:7.9.3
        container_name: elasticsearch
        environment:
          - node.name=es01
          - cluster.name=es-apm-dev
          - bootstrap.memory_lock=true
          - discovery.type=single-node
          - xpack.security.enabled=false
          - xpack.monitoring.collection.enabled=true
          - "ES_JAVA_OPTS=-Xms4g -Xmx4g"
        ulimits:
          nproc: 65535
          memlock:
            soft: -1
            hard: -1
        volumes:
          - esdata:/usr/share/elasticsearch/data
        ports:
          - 9200:9200
        networks:
          - esnet
        restart: on-failure
        mem_limit: 5G
        cpu_count: 2

      kibana:
        image: docker.elastic.co/kibana/kibana:7.9.3
        container_name: kibana
        environment:
          - server.name=localhost
          - xpack.ilm.enabled=true
          - xpack.monitoring.enabled=true
          - elasticsearch.hosts=http://elasticsearch:9200/
        ports:
          - 127.0.0.1:5601:5601
        ulimits:
          nproc: 65535
          memlock:
            soft: -1
            hard: -1
        networks:
          - esnet
        restart: on-failure
        mem_limit: 1G
        cpu_count: 2
        depends_on:
          - elasticsearch

    volumes:
      esdata:
        driver: local

    networks:
      esnet:

When I try to run:
curl -I http://127.0.0.1:5601/
I get:
HTTP/1.1 302 Found
location: /spaces/enter
kbn-name: kibana

If I remove 127.0.0.1 and map port to 0.0.0.0, then I get blank page via proxy.
When I pressed to inspect page it says:
Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'unsafe-eval' 'nonce-cqMsewGWBDJIXCvU'". Either the 'unsafe-inline' keyword, a hash ('sha256-SHHSeLc0bp6xt4BoVVyUy+3IbVqp3ujLaR+s+kSP5UI='), or a nonce ('nonce-...') is required to enable inline execution.
Failed to load resource: the server responded with a status of 404 (Not Found)
manifest.json:1 Manifest: Line: 1, column: 1, Syntax error.

To this URI redirects also my apache proxy.
Adding server.basePath parameter didn't help as well.

What should I do to fix this issue?

tsullivan · October 29, 2020, 8:34pm

I'm not sure if this is the issue, but the environment settings need to be set using a specific syntax: all uppercase, use underscore instead of period.

So server.name=localhost should be SERVER_NAME=localhost, etc

I'm also not sure I see any problems, from just looking at the info you provided.

It is expected for Kibana to redirect to an app, or spaces selection screen, or login screen, which makes the browser have to leave the requested root URL and go somewhere else. That is why there is a 302 response.

You can add -L to the curl command to see the response from the redirect URL:

> curl -LI https://paninix/kibana
HTTP/1.1 302 Found
Server: nginx/1.19.3
Date: Thu, 29 Oct 2020 20:32:53 GMT
Content-Length: 0
Connection: keep-alive
location: /kibana/login?next=%2Fkibana%2F
kbn-name: f338758861a0
kbn-license-sig: e29449ff1944c8e5f672dee1978299e29615bb2f0a7ff0a0c826ee18bfd2d56a
kbn-xpack-sig: 74c7285b8785dc3e0eea8544d6e34773
cache-control: private, no-cache, no-store, must-revalidate

HTTP/1.1 200 OK
Server: nginx/1.19.3
Date: Thu, 29 Oct 2020 20:32:53 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 116927
Connection: keep-alive
content-security-policy: script-src 'unsafe-eval' 'self'; worker-src blob: 'self'; style-src 'unsafe-inline' 'self'
kbn-name: f338758861a0
kbn-license-sig: e29449ff1944c8e5f672dee1978299e29615bb2f0a7ff0a0c826ee18bfd2d56a
kbn-xpack-sig: 74c7285b8785dc3e0eea8544d6e34773
cache-control: private, no-cache, no-store, must-revalidate
vary: accept-encoding

George_Wainwright · October 30, 2020, 1:51pm

@tsullivan,

sorry but it doesn't work:
curl -IL http://127.0.0.1:5601
HTTP/1.1 302 Found
location: /kibana/spaces/enter/spaces/enter/spaces/enter
kbn-name: localhost
kbn-license-sig: fcb38b9614ac17a474dbb628d1de7e890c2d49a1921ebd02207b26b280260bd0
kbn-xpack-sig: 0213ac89bd6c118858950458439d872f
cache-control: private, no-cache, no-store, must-revalidate
content-length: 0
Date: Fri, 30 Oct 2020 13:50:17 GMT
Connection: keep-alive

HTTP/1.1 400 Bad Request
kbn-name: localhost
kbn-license-sig: fcb38b9614ac17a474dbb628d1de7e890c2d49a1921ebd02207b26b280260bd0
kbn-xpack-sig: 0213ac89bd6c118858950458439d872f
content-type: application/json; charset=utf-8
cache-control: private, no-cache, no-store, must-revalidate
content-length: 92
Date: Fri, 30 Oct 2020 13:50:17 GMT
Connection: keep-alive

tsullivan · October 30, 2020, 4:45pm

Hi, where are you running the curl command from? Try it inside of the Kibana docker container, to see if it works without port forwarding.

Also, from your original post, the port forwarding for Kibana seems to be wrong:

I think this should be:

ports:
   - 5601:5601

You have it correctly for the Elasticsearch service, but not for Kibana. Are you able to see the ES root endpoint? In my setup with HTTPS and the ES port forwarded to 19200, it looks like:

 > curl -u elastic https://localhost:19200
Enter host password for user 'elastic':
{
  "name" : "4db96fb1172a",
  "cluster_name" : "esd",
  "cluster_uuid" : "NUzkgUp7QdSw9GOhwpHXZQ",
  "version" : {
    "number" : "7.9.1",
    "build_flavor" : "default",
    "build_type" : "docker",
    "build_hash" : "083627f112ba94dffc1232e8b42b73492789ef91",
    "build_date" : "2020-09-01T21:22:21.964974Z",
    "build_snapshot" : false,
    "lucene_version" : "8.6.2",
    "minimum_wire_compatibility_version" : "6.8.0",
    "minimum_index_compatibility_version" : "6.0.0-beta1"
  },
  "tagline" : "You Know, for Search"
}

Last, please read the entire documentation on installing Kibana with Docker: Install Kibana with Docker | Kibana Guide [8.11] | Elastic

That page also talks about how to configure environment variables properly, which I have mentioned previously.

George_Wainwright · October 30, 2020, 9:09pm

After struggling with this I cam to the next solution in apache2 proxy settings:

    <VirtualHost *:80>
        Servername xxxx.name.xyz
        ProxyPreserveHost On
        ProxyRequests On
        ProxyPass / http://localhost:5601/
        ProxyPassReverse /(.*) http://localhost:5601/(.*)
    </VirtualHost>

Note: basePath param didn't help me here.
I didn't change my docker-compose file at all.

tsullivan · November 2, 2020, 5:56pm

It's been a long time since I've configured Apache, but this all looks good to me... especially if it works!

system · November 30, 2020, 5:56pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.