Kibana startup stuck when elasticsearch use http

Hello, I install es and kibana version 8.4.2, they enable https by default. but i prefer http in private network.
so i follow the official instruction, download es and start it, and get some security information indicate that it run successfully. Then i edit the config/elasticsearch.yml and only change xpack.securtiy.http.ssl.enabled value to false, and restart it.
With curl -u elastic:xxxxx http://localhost:9200 , I can get right response, notice that i use HTTP and the username and password must be right, it's all I want.
The problem is, when i start kibana, It stucks and the page show the server is not ready yet. i think the log is not helpful, i paste last two line:

[2022-09-29T09:46:04.090+08:00][ERROR][elasticsearch-service] Unable to retrieve version information from Elasticsearch nodes. security_exception: [security_exception] Reason: missing authentication credentials for REST request [/_nodes?filter_path=nodes.*.version%2Cnodes.*.http.publish_address%2Cnodes.*.ip]
[2022-09-29T09:46:04.820+08:00][INFO ][plugins.screenshotting.chromium] Browser executable: /home/yli/Program/dist/kibana-8.4.2/x-pack/plugins/screenshotting/chromium/headless_shell-linux_x64/headless_shell

even i set elasticsearch.serviceAccountToken the right value. But when i change es xpack.securtiy.http.ssl.enabled to true, kibana starts success.

Finally I figure it out.
I think access token is only for https but no one tell me that. Maybe it's a bug? or just a feature?
I reset the pwd with elasticsearch-reset-password -u kibana, then config it to kibana.yml, and Bang! it works.

By access token, do you mean service account token? If so, it no longer requires HTTPS to work since version 7.16. If you are using a newer version. There should not be such constraint.

Please note that service account token generated using CLI is per node. So if you have multiple ES node and only generated the token for one node, it will not work if Kibana talks to a node that does not have the token. You need either (1) copy the service-tokens file to all nodes or (2) generate the token using API.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.