Kibana with nginx ingress on minikube

Hi, I am trying to test my ELK stack configuration on minikube, Kibana is "exposed" using a ngnix ingress (http only). My ELK stack version is 6.2.4 with searchguard.

I went through various posts here as well as on stackoverflow and i think i have the config right but i am stuck on "login page loop", i.e even after logging in, the page redirects to login page.

kibana.yml

server.port: 5601
server.host: "0.0.0.0"
server.basePath: "/logs"
server.name: "kibana"
elasticsearch.url: '${ELASTICSEARCH_URL}'
elasticsearch.username: "kibana"
elasticsearch.password: "password"

ingress config

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: kibana-http-ingress
  namespace: backstage
  labels:
    app: kibana
    chart: kibana-6.2.4
    release: kibana
    heritage: Tiller
  annotations:
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/rewrite-target: /
    nginx.ingress.kubernetes.io/configuration-snippet: |
       rewrite ^/logs/(.*)$ /$1 break;
spec:
  rules:
  - host: my-local-devops.com
    http:
      paths:
      - path: /logs
        backend:
          serviceName: kibana
          servicePort: 5601

nginx.conf in the controller (autogenerated)

location ~* ^/logs\/?(?<baseuri>.*) {
			
			set $namespace      "backstage";
			set $ingress_name   "kibana-http-ingress";
			set $service_name   "kibana";
			set $service_port   "5601";
			set $location_path  "/logs";
			
			rewrite_by_lua_block {
				
				balancer.rewrite()
				
			}
			
			log_by_lua_block {
				
				balancer.log()
				
				monitor.call()
			}
			
			port_in_redirect off;
			
			set $proxy_upstream_name "backstage-kibana-5601";
			
			client_max_body_size                    "1m";
			
			proxy_set_header Host                   $best_http_host;
			
			# Pass the extracted client certificate to the backend
			
			# Allow websocket connections
			proxy_set_header                        Upgrade           $http_upgrade;
			
			proxy_set_header                        Connection        $connection_upgrade;
			
			proxy_set_header X-Request-ID           $req_id;
			proxy_set_header X-Real-IP              $the_real_ip;
			
			proxy_set_header X-Forwarded-For        $the_real_ip;
			
			proxy_set_header X-Forwarded-Host       $best_http_host;
			proxy_set_header X-Forwarded-Port       $pass_port;
			proxy_set_header X-Forwarded-Proto      $pass_access_scheme;
			
			proxy_set_header X-Original-URI         $request_uri;
			
			proxy_set_header X-Scheme               $pass_access_scheme;
			
			# Pass the original X-Forwarded-For
			proxy_set_header X-Original-Forwarded-For $http_x_forwarded_for;
			
			# mitigate HTTPoxy Vulnerability
			# https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/
			proxy_set_header Proxy                  "";
			
			# Custom headers to proxied server
			
			proxy_connect_timeout                   5s;
			proxy_send_timeout                      60s;
			proxy_read_timeout                      60s;
			
			proxy_buffering                         "off";
			proxy_buffer_size                       "4k";
			proxy_buffers                           4 "4k";
			proxy_request_buffering                 "on";
			
			proxy_http_version                      1.1;
			
			proxy_cookie_domain                     off;
			proxy_cookie_path                       off;
			
			# In case of errors try the next upstream server before returning an error
			proxy_next_upstream                     error timeout;
			proxy_next_upstream_tries               3;
			
			rewrite ^/logs/(.*)$ /$1 break;
			
			rewrite (?i)/logs/(.*) /$1 break;
			rewrite (?i)/logs$ / break;
			proxy_pass http://upstream_balancer;
			
			proxy_redirect                          off;
			
		}

I see no errors in either kibana or nginx controller logs.
We also have a kubernetes setup on one of our local servers and we are facing the same issue.

Found the issue, the issue was with search guard. On our QA we have an https ingress for which we enabled the searchguard.cookie.secure . When we used http ingress in our test this caused a login loop

searchguard.cookie.secure: true

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.