Kibana did not load properly in iframe (Spring MVC)

Hey,

I'm adding dashboards from Kibana in my website but I have a constraint: the end user doesn't have to get access to the Kibana platform! In order to deny this access, I retrieve the iframe server side by creating a custom controller (using Spring MVC) that makes the call to Kibana.

Front side, I add an iframe like that:
<iframe src="http://mysite.com/viz/retrieve/1" width="100%" height="600px"></iframe>

As you can see, the src field doesn't point to Kibana but to my controller that will retrieve the content of the iframe. The call is working, I retrieve correctly the content of the iframe but I've got the following error message:

Kibana did not load properly. Check the server output for more information.

And I don't have any information on server output.

So... is my solution suitable for my need or is there a way to get the iframe without specifying the Kibana's address?

Thanks!

My guess is your app is trying to pull it from the Kibana instance but isn't passing a required header or something like that as part of the request.

When a request is made to http://mysite.com/viz/retrieve/1, how are you retrieving the visualization from Kibana?

Thanks for your input!

Well yes, http://mysite.com/viz/retrieve/1 is retrieving the visualization by calling a Spring Controller which makes the GET request and returns the content of the iframe. But, in that content, I can see some relative paths so the iframe is trying to call http://mysite.com/viz/retrieve/1/ui/xx.js -> it fails.

What I'm trying to do now is to open Kibana to the Internet (to be accessible by any client) but I want to add an nginx proxy to only allow users from my platform (http://mysite.com/) and deny the others. Do you think it's the right / good idea to solve my problem?

Thanks!

How do you plan to determine if a user came from your platform?

Also, be aware that anyone you give access to Kibana to will be able to see everything, and modify anything. So clients will be able to see other clients' information, and even change it. You can add proxy rules to block update requests, but I couldn't tell you offhand what you'd have to block. PUT/POST requests to /elasticsearch is a good start though.

Well, I've got the referer in the header request which points to my platform. Don't know if I can use it to determine that the users came from my platform but it's a start.

Yes, good point about Kibana but as Kibana says: Note that all clients must be able to access Kibana.
But I don't want a user from X to be able to see the data of a user from Y. But in that case, maybe a server per client (X/Y/...) is a solution.

In the end, I found Kibana quite inadequate for my "restriction needs" but in the meantime, it's a powerful visualization tool that I really need. :sweat_smile:
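
On the question of how a proxy can tell that a user came from the platform, here is an added example that is not part of the original thread and not code from Kibana or nginx. It compares a Referer-only check with a short-lived signed token that the platform issues to a logged-in user and the proxy verifies. The token format, the secret and the function names are assumptions made for this illustration.

```python
import hashlib
import hmac
import time

PLATFORM = "http://mysite.com/"           # the platform URL used in the thread
SECRET = b"constructed-example-secret"     # assumption: known only to platform and proxy


def allow_by_referer(headers):
    """Referer-only gate. The client writes this header, so it proves nothing."""
    return headers.get("Referer", "").startswith(PLATFORM)


def _mac(tenant, viz_id, expires):
    msg = f"{tenant}|{viz_id}|{expires}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def issue_token(tenant, viz_id, expires):
    """Called by the platform for a logged-in user; expires is a Unix timestamp."""
    if "|" in tenant or "|" in viz_id:
        raise ValueError("field separator not allowed in tenant or viz_id")
    return f"{tenant}|{viz_id}|{int(expires)}|{_mac(tenant, viz_id, int(expires))}"


def allow_by_token(token, requested_viz, now=None):
    """Proxy-side gate. Returns the tenant on success, None on any failure."""
    parts = token.split("|")
    if len(parts) != 4:
        return None
    tenant, viz_id, expires, mac = parts
    if not hmac.compare_digest(mac.encode(), _mac(tenant, viz_id, expires).encode()):
        return None                        # forged or altered token
    if int(expires) < (time.time() if now is None else now):
        return None                        # expired
    if viz_id != requested_viz:
        return None                        # token was issued for another visualization
    return tenant


if __name__ == "__main__":
    forged = {"Referer": PLATFORM + "dashboard"}   # constructed: any HTTP client can send this
    print("referer gate, forged header:", allow_by_referer(forged))
    tok = issue_token("clientX", "1", time.time() + 300)
    print("token gate, viz 1:", allow_by_token(tok, "1"))
    print("token gate, viz 2:", allow_by_token(tok, "2"))
```

The token only decides who reaches the proxy for a given visualization; as noted in the replies, whoever does reach Kibana can still see everything it exposes, so separating client X from client Y needs separation behind the proxy as well.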
