I'm trying to configure a Kibana alert to send webhooks to Microsoft Teams, but I'm facing an issue with proxy authentication configuration using environment variables.
All internet access goes through a corporate proxy with basic authentication and I must configure Kibana exclusively through environment variables (cannot modify kibana.yml)
I've set XPACK_ACTIONS_PROXYURL with the proxy URL, which works partially (proxy is called but returns 407 due to missing authentication). I understand I need to configure xpack.actions.proxyHeaders to include the authorization header.
I've attempted several approaches to set the proxy headers via environment variables, all unsuccessful:
Make sure the variable is exported in the shell before starting Kibana. If you still get 407, double-check the base64 string and that the proxy allows basic auth on headers.
Thank you for your previous response and suggestions.
However, I'm still encountering a 407 Proxy Authentication Required error when attempting to send notifications through Kibana, despite implementing the recommended configuration.
I set the environment variable XPACK_ACTIONS_PROXYHEADERS_AUTHORIZATION="Basic <Base64-encoded-credentials>" and verified the Base64 encoding of credentials is correct, but the 407 error persists.
Our corporate proxy team confirmed that no authentication request is reaching the proxy server when Kibana attempts to send notifications.
I also successfully tested the Teams webhook using curl with the same proxy configuration directly from the Kibana server, confirming that the proxy configuration is correct, the webhook endpoint is accessible and the authentication works when bypassing Kibana.
I enabled debug logging but the output is too verbose to identify the specific issue.
Here are my environment details:
Kibana version: 8.18.2
Proxy: McAfee/SkyHigh Web Gateway 12.2.17.0.0-53317
Is there a way to enable more targeted logging for proxy connections specifically? Or could there be an issue with how Kibana handles the XPACK_ACTIONS_PROXYHEADERS_AUTHORIZATION environment variable?
Any additional troubleshooting steps or configuration suggestions would be greatly appreciated.
There is currently no support for using basic authentication with a proxy (authentication for the proxy itself, not the URL being requested through the proxy).
@leandrojmp I noticed that documentation section as well. However, while searching this forum and online, I found references to using xpack.actions.proxyHeaders as a potential solution.
Unfortunately, it appears the documentation is accurate and this approach doesn't work as expected.
You could try setting logging.appenders in kibana.yml (or env-var equivalents) to capture only the plugins.actions and http categories at debug level. That way you’ll see just the proxy/authentication flow without the full verbose log. If the header still isn’t sent, it may be a bug in how Kibana maps env vars to xpack.actions.proxyHeaders. In that case, opening a GitHub issue with your config and proxy details would be the best next step.
Yeah, the documentation clearly states that it does not support authentication on the proxy, so even if you add an Authorization header, I would not expect this to work.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.