Logging into elk stack brings me to elasticsearch json page

I set up an elk stack, and I initially got to kibana by browsing to my FQDN. Now it takes me to a json block like this:

{
  "name" : "ubuntu-elk",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "UVOrZ8a3T669Ft2_-E7jlw",
  "version" : {
    "number" : "7.17.18",
    "build_flavor" : "default",
    "build_type" : "deb",
    "build_hash" : "8682172c2130b9a411b1bd5ff37c9792367de6b0",
    "build_date" : "2024-02-02T12:04:59.691750271Z",
    "build_snapshot" : false,
    "lucene_version" : "8.11.1",
    "minimum_wire_compatibility_version" : "6.8.0",
    "minimum_index_compatibility_version" : "6.0.0-beta1"
  },
  "tagline" : "You Know, for Search"
}

How do I get back to the kibana login?

Here are the only uncommented lines in my kibana.yml:

server.port: 5601
server.host: "ubuntu-elk.<mydomain>.com"
server.publicBaseUrl: "ubuntu-elk.<mydomain>.com"
server.name: "ubuntu-elk.<mydomain>.com"
elasticsearch.hosts: ["http://localhost:9200"]
enterpriseSearch.host: 'http://localhost:3002'

and the uncommented lines of my elasticsearch.yml

path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
xpack.security.enabled: fasle

Please let me know what else I need to provide.

Vickistan

I added this to both elasticsearch.yml and kibana.yml (replaced the line I show above), so now I get my login prompt again.

xpack.security.enabled: True

I still don't understand what I need to change to get back into kibana. Here is netstat -ntlp which shows that both port 9200 and 9300 are configured for localhost only:

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      -                   
tcp        0      0 127.0.0.1:9200          0.0.0.0:*               LISTEN      -                   
tcp        0      0 127.0.0.1:9300          0.0.0.0:*               LISTEN      -                   
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      -                   
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      -                   
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      -                   
tcp        0      0 127.0.0.1:9600          0.0.0.0:*               LISTEN      -  

I have the nginx config set up to reverse proxy:

server {
       listen         80;
       server_name    ubuntu-elk.<mydomain> www.ubuntu-elk.<mydomain>;
       return 301 https://ubuntu-elk.<mydomain>;
       auth_basic "Restricted Access";
       auth_basic_user_file /etc/nginx/htpasswd.users;

       location / {
           proxy_pass https://$host$request_uri:5601;
           # proxy_pass http://localhost:5601;
           proxy_http_version 1.1;
           proxy_set_header Upgrade $http_upgrade;
           proxy_set_header Connection 'upgrade';
           proxy_set_header Host $host;
           proxy_cache_bypass $http_upgrade;
       }
}
server {
    listen 443 ssl;
    server_name ubuntu-elk.<mydomain> www.ubuntu-elk.<mydomain>;
    add_header Strict-Transport-Security "max-age=31536000";
    ssl_certificate /etc/nginx/ssl/ubuntu-elk.<mydomain>.crt;
    ssl_certificate_key /etc/nginx/ssl/ubuntu-elk.<mydomain>.key;
    ssl_stapling on;
    ssl_stapling_verify on;
    access_log /var/log/nginx/sub.log combined;
    location / {
        proxy_pass http://localhost:9200;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
        proxy_set_header X-Forwarded-For $remote_addr;
    }
}

You need to redirect to the 5601 port and not 9200 I guess. You need to check your nginx settings I think.

@dadoonet Thanks for that. I am closer. I can get to elasticsearch from the command line with this: curl -u elastic http://localhost:9200

I think I was confused on what parts of the stack need to be https and what need to be http. I thought that kibana needed to be https, but since I am fronting it with nginx, it probably doesn't need to be. Can both elasticsearch and kibana use localhost if nginx has a proxy_pass like this:

proxy_pass http://localhost:5601;

**I have that proxy pass in both the port 80 and port 443 sections, btw.

netstat -ntlp shows this:

Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 127.0.0.1:9200          0.0.0.0:*               LISTEN      -                   
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      -                   
tcp        0      0 127.0.0.1:9300          0.0.0.0:*               LISTEN      -                   
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      -                   
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      -                   
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      -                   
tcp        0      0 127.0.0.1:9600          0.0.0.0:*               LISTEN      -                   
tcp        0      0 127.0.1.1:5601          0.0.0.0:*               LISTEN      -                   
tcp6       0      0 :::80                   :::*                    LISTEN      -                   
tcp6       0      0 :::22                   :::*                    LISTEN      - 

I am seeing a Bad Gateway error when I try to access it from an outside system, and this is showing in the logs:

2024/03/15 20:52:53 [error] 3220#3220: *6 no live upstreams while connecting to upstream, client: 104.15.186.251, server: ubuntu-elk.<mydomain>, request: "GET /favicon.ico HTTP/1.1", upstream: "http://localhost/favicon.ico", host: "ubuntu-elk.<mydomain>", referrer: "https://ubuntu-elk.<mydomain>/"

I suspect I am just missing some obvious little detail.

Thanks in advance,
Vickistan

I had to step away to see that kibana was running on 127.0.1.1 instead of 127.0.0.1. Thanks for the assistance. Closing this issue out now.
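The two mismatches that came up in this thread, the 443 block proxying to port 9200 and Kibana listening on 127.0.1.1 while nginx targets localhost, can be checked by comparing each `proxy_pass` target against the listening sockets. This is an added example, not part of the original posts; the function names are hypothetical, the sample input is constructed from the output above, and it assumes `localhost` resolves to 127.0.0.1.

```python
import re

# Constructed sample input, trimmed from the netstat output and nginx config in this thread.
NETSTAT = """\
tcp   0  0 127.0.0.1:9200   0.0.0.0:*   LISTEN  -
tcp   0  0 0.0.0.0:443      0.0.0.0:*   LISTEN  -
tcp   0  0 127.0.1.1:5601   0.0.0.0:*   LISTEN  -
"""
NGINX = """\
server {
    listen 443 ssl;
    location / { proxy_pass http://localhost:9200; }
}
server {
    listen 80;
    location / { proxy_pass http://localhost:5601; }
}
"""
NAMES = {"localhost": "127.0.0.1"}  # assumption: IPv4 loopback resolution
ES_PORTS = {9200, 9300}             # Elasticsearch HTTP and transport ports seen in the thread

def listeners(netstat_text):
    """Return {(ip, port)} for every TCP socket in LISTEN state."""
    found = set()
    for line in netstat_text.splitlines():
        cols = line.split()
        if len(cols) >= 6 and cols[0].startswith("tcp") and cols[5] == "LISTEN":
            ip, _, port = cols[3].rpartition(":")
            found.add((ip, int(port)))
    return found

def audit(nginx_text, netstat_text):
    """Flag proxy_pass targets that expose Elasticsearch or have no matching listener."""
    socks = listeners(netstat_text)
    active = re.sub(r"#.*", "", nginx_text)  # ignore commented-out directives
    findings = []
    for host, port in re.findall(r"proxy_pass\s+https?://([^:/;\s]+):(\d+)", active):
        ip, port = NAMES.get(host, host), int(port)
        if port in ES_PORTS:
            findings.append(f"{host}:{port} proxies the Elasticsearch API, not Kibana")
        if not any(p == port and a in (ip, "0.0.0.0") for a, p in socks):
            bound = sorted(a for a, p in socks if p == port)
            findings.append(f"{host}:{port} has no listener on {ip}; port is bound on {bound}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(NGINX, NETSTAT)) or "no findings")
```

The first finding is the one that matters for exposure: a public vhost that forwards to port 9200 publishes the Elasticsearch REST API itself, so it should point at Kibana on 5601 instead.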