Kibana balancing via VIP


(Alessio Creo) #1

Hi there,

I'm trying to balance two kibana instances running in different machine listening on https://10.0.0.250:5601 and https://10.0.0.251:5601. The network admin set a cirtix load balancer to redirect the network traffic via virtual IP kibanamain. When I conncect to https://kibanamain I'm redirected to the login page; but when I submit the credentials I'm redirected infinite time to the empty login page. What I am doing wrong? Follows the config taht I provide to the network admin and kibana.yml. Thank you.

kibana.yml

server.host: "0.0.0.0"

elasticsearch.username: "kibana"

elasticsearch.password: "kibana"

elasticsearch.hosts: ["http://10.0.0.250:9200"]

elasticsearch.requestTimeout: 60000

server.ssl.enabled: true

server.ssl.certificate: /Elastic/kibana-6.7.1-linux-x86_64/config/certs/cert.pem

server.ssl.key: /Elastic/kibana-6.7.1-linux-x86_64/config/certs/private_key.key


pid.file: /Elastic/kibana-6.7.1-linux-x86_64/logs/kibana.pid

citrix specs

kibanamain :

1. Protocol: HTTPS

2. Balancing: ROUND ROBIN

3. Persistence: DISABLED

4. Client Idle Time-out: 180''

5. Server Idle Time-out: 180''

6. http compression: ENABLED

7. Web Socket Connection: DISABLED

8. Check service:

Interval between checks: 5''

Response time-out: 2''

Retries: 3

Type: GET   

Link: https://10.0.0.250:5601, https://10.0.0.251:5601

#2

Hi @Alessio_Creo

Do the 2 instances share the same xpack.security.encryptionKey?

Cheers


(Alessio Creo) #3

Thank you for the answer. I've left the default settings, without specifying any config.


#4

You will need to set the same encryption key on both instances.

Please refer to the docs for more information: https://www.elastic.co/guide/en/kibana/current/using-kibana-with-security.html

Cheers


(Alessio Creo) #5

Issue solved. The problem was in the Load Balancer config. I set the Persistance to disabled so the session wasn't saved and the blancer didn't "remember" that the user was logged in, so it was asking for credentials forever.

Thank you very much for the support.


#6

Glad you got it solved. Happy to help