Kibana with nginx ingress on minikube

Elastic Stack Kibana
1

Hi, I am trying to test my ELK stack configuration on minikube, Kibana is "exposed" using a ngnix ingress (http only). My ELK stack version is 6.2.4 with searchguard.

I went through various posts here as well as on stackoverflow and i think i have the config right but i am stuck on "login page loop", i.e even after logging in, the page redirects to login page.

kibana.yml

server.port: 5601
server.host: "0.0.0.0"
server.basePath: "/logs"
server.name: "kibana"
elasticsearch.url: '${ELASTICSEARCH_URL}'
elasticsearch.username: "kibana"
elasticsearch.password: "password"

ingress config

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: kibana-http-ingress
  namespace: backstage
  labels:
    app: kibana
    chart: kibana-6.2.4
    release: kibana
    heritage: Tiller
  annotations:
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/rewrite-target: /
    nginx.ingress.kubernetes.io/configuration-snippet: |
       rewrite ^/logs/(.*)$ /$1 break;
spec:
  rules:
  - host: my-local-devops.com
    http:
      paths:
      - path: /logs
        backend:
          serviceName: kibana
          servicePort: 5601

nginx.conf in the controller (autogenerated)

location ~* ^/logs\/?(?<baseuri>.*) {
			
			set $namespace      "backstage";
			set $ingress_name   "kibana-http-ingress";
			set $service_name   "kibana";
			set $service_port   "5601";
			set $location_path  "/logs";
			
			rewrite_by_lua_block {
				
				balancer.rewrite()
				
			}
			
			log_by_lua_block {
				
				balancer.log()
				
				monitor.call()
			}
			
			port_in_redirect off;
			
			set $proxy_upstream_name "backstage-kibana-5601";
			
			client_max_body_size                    "1m";
			
			proxy_set_header Host                   $best_http_host;
			
			# Pass the extracted client certificate to the backend
			
			# Allow websocket connections
			proxy_set_header                        Upgrade           $http_upgrade;
			
			proxy_set_header                        Connection        $connection_upgrade;
			
			proxy_set_header X-Request-ID           $req_id;
			proxy_set_header X-Real-IP              $the_real_ip;
			
			proxy_set_header X-Forwarded-For        $the_real_ip;
			
			proxy_set_header X-Forwarded-Host       $best_http_host;
			proxy_set_header X-Forwarded-Port       $pass_port;
			proxy_set_header X-Forwarded-Proto      $pass_access_scheme;
			
			proxy_set_header X-Original-URI         $request_uri;
			
			proxy_set_header X-Scheme               $pass_access_scheme;
			
			# Pass the original X-Forwarded-For
			proxy_set_header X-Original-Forwarded-For $http_x_forwarded_for;
			
			# mitigate HTTPoxy Vulnerability
			# https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/
			proxy_set_header Proxy                  "";
			
			# Custom headers to proxied server
			
			proxy_connect_timeout                   5s;
			proxy_send_timeout                      60s;
			proxy_read_timeout                      60s;
			
			proxy_buffering                         "off";
			proxy_buffer_size                       "4k";
			proxy_buffers                           4 "4k";
			proxy_request_buffering                 "on";
			
			proxy_http_version                      1.1;
			
			proxy_cookie_domain                     off;
			proxy_cookie_path                       off;
			
			# In case of errors try the next upstream server before returning an error
			proxy_next_upstream                     error timeout;
			proxy_next_upstream_tries               3;
			
			rewrite ^/logs/(.*)$ /$1 break;
			
			rewrite (?i)/logs/(.*) /$1 break;
			rewrite (?i)/logs$ / break;
			proxy_pass http://upstream_balancer;
			
			proxy_redirect                          off;
			
		}

I see no errors in either kibana or nginx controller logs.
We also have a kubernetes setup on one of our local servers and we are facing the same issue.

2

Found the issue, the issue was with search guard. On our QA we have an https ingress for which we enabled the searchguard.cookie.secure . When we used http ingress in our test this caused a login loop

searchguard.cookie.secure: true

3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.