Kibana with Nginx


(Vikas Gopal) #1

Hi Kibana Experts,
I am using Nginx as reverse proxy + load balancer for Kibana . I am also using simple authentication to restrict the user to their web page . Now, I want to restrict the user so that user cannot open management link , so to achieve this I am trying following configuration which is not working , I mean no error while restarting Nginx but I am still able to open management link .

map $remote_user $server_based_on_user {
"vg" "kibana";
}

upstream kibana {
server x.x.x.33:5601;
keepalive 75;
}
server {
listen 80;
server_name x.x.x.33;
error_log /var/log/nginx/kibana.error.log;
access_log /var/log/nginx/kibana.access.log;
location ~* /app/kibana(.)/management(.) {
return 403;
break;
}
location / {
auth_basic "protect kibana";
auth_basic_user_file /etc/nginx/normal.users;
proxy_ignore_client_abort on;
proxy_pass http://$server_based_on_user$request_uri;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
}
}

Any help on this would highly appreciated.

Regards
VG


(Robert Cowart) #2

The URI for the management app is...

http://KIBANASERVER/app/kibana#/management

The portion after the hash(#) is a URI fragment identifier. It is handled by the javascript app running within the browser. It is NOT forwarded to the server. Since it is not forwarded to the server, it isn't passed through nginx. This means that you cannot restrict access to such URI's in this manner.


(Vikas Gopal) #3

@rcowart, thank you for your prompt response , it absolutely make sense . Any Idea how I can achieve this?
I know this can be disabled using X-pack but any other option using NGINX ?

Regards
VG


(system) #4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.