I'm adding dashboards from Kibana in my website but I have a constraint : the end user doesn't have to get access to the Kibana platform! In order to deny this access, I retrieve the iframe server side by creating a custom controller (using Spring MVC) that make the call to Kibana.
Front side, I add an iframe like that : <iframe src="http://mysite.com/viz/retrieve/1" width="100%" height="600px"></iframe>
As you can see, the src field doesn't point to Kibana but to my controller that will retrieve the content of the iframe. The call is working, I retrieve correctly the content of the iframe but I've got the following error message:
Kibana did not load properly. Check the server output for more information.
And I don't have any information on server output.
So... is my solution suitable for my need or is there a way to get the iframe without specifying the Kibana's address ?
Well yes, http://mysite.com/viz/retrieve/1 is retrieving the visualization by calling a Spring Controller which made the GET request and returns the content of the iframe. But, in that content, I can see some relative path so the iframe is trying to call http://mysite.com/viz/retrieve/1/ui/xx.js -> it fails.
What I'm trying to do now is to open Kibana to the Internet (to be accessible by any client) but I want to add a nginx proxy to only allow users from my platform (http://mysite.com/) and deny the others. Do you think it's the right / good idea to solve my problem ?
How do you plan to determine if a user came from your platform?
Also, be aware that anyone you give access to Kibana to will be able to see everything, and modify anything. So clients will be able to see other clients' information, and even change it. You can add proxy rules to block update requests, but I couldn't tell you offhand what you'd have to block. PUT/POST requests to /elasticsearch is a good start though.
Well, I've got the referer in the header request which points to my platform. Don't know if I can use it to determine that the users came from my platform but it's a start.
Yes, good point about Kibana but as Kibana says : Note that all clients must be able to access Kibana.
But I don't want that User from X can see the data of User from Y. But in that case, maybe a server per client (X/Y/...) is a solution.
In the end, I found Kibana quite inadequate for my "restriction needs" but in the meantine, it's a powerfull visualization tool that I really need.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.