KIbana Basic Auth Login

security

(Rob Davidson) #1

I'm looking to use the free version of Kibana, elastic, logstash stack. Will be using it to search for logs and eventually produce visualizations.

I would like the Kibana screen to have some basic authentication.

The docker compose I used is based on this one

However I changed the docker image from
docker.elastic.co/elasticsearch/elasticsearch-platinum

to this
docker.elastic.co/elasticsearch/elasticsearch

After doing this the login screen dissapeared from Kibana. Is the kibana login screen only available in platinum version?


(Ioannis Kakavas) #2

Hi Rob,

XPack security is available, starting on GOLD license. Please take a look at our subscriptions page to see what features are available for each license.


(Robert Cowart) #3

The simplest solution is to put NGiNX in front of it on the same host as Kibana. Have Kibana only listen to 127.0.0.1 and configure NGiNX to forward to it and handle authentication. You can do the same for Elasticsearch. Although we try to convince customers to use something commercial like X-Pack or ReadonlyREST, we will at a minimum use NGiNX.

Assuming normal linux setup for NGiNX you would but a file like this in /etc/nginx/conf.d :

server {
  listen 45601;
  server_name localhost;

  location / {
    proxy_pass http://localhost:5601;
  }  
  auth_basic "Please login...";
  auth_basic_user_file /etc/nginx/conf.d/elastic.passwd;
}

server {
  listen 49200;
  server_name localhost;
 
  location / {
    proxy_pass http://localhost:9200;
  }
  auth_basic "Please login...";
  auth_basic_user_file /etc/nginx/conf.d/elastic.passwd;
}

Use OpenSSL to generate passwords:

openssl passwd -crypt YOURPASS

Depending on your version of OpenSSL passwords may be limited to 8 characters.

Put these in the elastic.passwd file, specified above in the NGiNX config, like this:

youruser:yourpass
anotheruser:theirpass

Restart NGiNX.


(system) #4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.