Kibana https


(Michele) #1

Hi everybody,
I would like to set up kibana to be reachable via https, but I can't figure how
In documentation I only found how to set elastic search to work in https
What about kibana? is it possible? google is not helping this time :slight_smile:

thanks!


(CJ Cenizal) #2

Hi Michele, take a look at https://www.elastic.co/guide/en/kibana/current/production.html#enabling-ssl and let me know if it helps.

Thanks,
CJ


(Michele) #3

I found that, but it always talks about https on elastic and kibana calling elastic on https :frowning: nothing about kibana itself on https (i.e. https://my.kibana.url:5601 )


(CJ Cenizal) #4

Hi Michele,

Under the "Enabling SSL" section, there are steps for configuring SSL (so you can load Kibana via https):

To encrypt communications between the browser and the Kibana server, you configure the ssl_key_file and ssl_cert_file properties in kibana.yml...

This means that you can load Kibana via https in your browser. Have you tried setting this configuration in your kibana.yml file? If you want to test it out, you can try using the dev certs: https://github.com/elastic/kibana/tree/master/test/dev_certs

Thanks,
CJ


(Ruslan Zaytsev) #5

Hi, all!
i got a problem with kibana 5 and https.
i succesfully setup https://kibana.url:5601 but i can't set port 443 for https://kibana.url
if i setup "server.port:" in kibana.yml to 443 i get error
443 no used by other software

if i setup "server.port:" in kibana.yml to 5602, for example, - all ok

setcap CAP_NET_BIND_SERVICE=+eip /usr/share/kibana/bin/kibana
not help for me

netstat -4pnl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN 719/dnsmasq
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 717/sshd
tcp 0 0 ###.###.###.###:5602 0.0.0.0:* LISTEN 25844/node
udp 0 0 0.0.0.0:60750 0.0.0.0:* 716/collectd
udp 0 0 0.0.0.0:53 0.0.0.0:* 719/dnsmasq


netstat -6pnl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp6 0 0 ###.###.###.###:9200 :::* LISTEN 723/java
tcp6 0 0 127.0.0.1:9200 :::* LISTEN 723/java
tcp6 0 0 ###.###.###.###:9300 :::* LISTEN 723/java
tcp6 0 0 127.0.0.1:9300 :::* LISTEN 723/java
tcp6 0 0 :::53 :::* LISTEN 719/dnsmasq
tcp6 0 0 :::22 :::* LISTEN 717/sshd
udp6 0 0 :::53 :::* 719/dnsmasq


kibana[24971]: { Error: listen EACCES ###.###.###.###:443
kibana[24971]: at Object.exports._errnoException (util.js:1026:11)
kibana[24971]: at exports._exceptionWithHostPort (util.js:1049:20)
kibana[24971]: at Server._listen2 (net.js:1244:19)
kibana[24971]: at listen (net.js:1293:10)
kibana[24971]: at net.js:1403:9
kibana[24971]: at GetAddrInfoReqWrap.asyncCallback [as callback] (dns.js:62:16)
kibana[24971]: at GetAddrInfoReqWrap.onlookup [as oncomplete] (dns.js:81:10)
kibana[24971]: code: 'EACCES',
kibana[24971]: errno: 'EACCES',
kibana[24971]: syscall: 'listen',
kibana[24971]: address: '###.###.###.###',
kibana[24971]: port: 443 },
kibana[24971]: isOperational: true,
kibana[24971]: code: 'EACCES',
kibana[24971]: errno: 'EACCES',
kibana[24971]: syscall: 'listen',
kibana[24971]: address: '###.###.###.###',
kibana[24971]: port: 443 }


(Ruslan Zaytsev) #6

excuse me for worry!
All works!

setcap 'CAP_NET_BIND_SERVICE=+eip' /usr/share/kibana/node/bin/node



(CJ Cenizal) #7

Glad you could solve your problem, Ruslan! Thanks for posting your solution.

CJ


(system) #8