Need help starting browser session with Kibana

ricwhitney · March 26, 2019, 8:41pm

I have a fesh install of Wazuh and Kibana on a VM in the office. The first time I tried any kind of browser session with kibana I get the heretofore mentioned 504 error after accepting the invalid (self-signed) certificate which tells me something is trying to load.

nginx error log:
2019/03/26 13:27:50 [error] 65695#65695: *6 upstream timed out (110: Connection timed out) while connecting to upstream, client: 192.168.0.22, server: , request: "GET / HTTP/1.1", upstream: "http://pub.lic.ip:5601/", host: "192.168.0.92"

I get the security warning (self-signed cert) but get a 504 error after that
I have server_host set at "0.0.0.0" in /etc/kibana/kibana.yml
should I have this set at something else for internal network only?
Don't want localhost

any ideas from above error log?

Of course, this is behind our firewall at the office

Thanks

LizaD · March 26, 2019, 9:04pm

@Brandon_Kobel any thoughts ?

ricwhitney · March 26, 2019, 9:08pm

Have I even described he scenario well enough?
@LizaD thanks for the nudge

Brandon_Kobel · March 26, 2019, 9:29pm

By default, Kibana only listens on localhost, this can be configured by setting the server.host in your kibana.yml. If you set server.host: 0.0.0.0 in your kibana.yml, Kibana will listen on all network interfaces. It's generally better to only listen on the explicit network interface which you expect to receive HTTP requests from. To verify this is configured correctly, you'll want to do the equivalent of a curl http://your-public-kibana-interface:5601 to ensure that you're able to connect to Kibana from the server that is running nginx. If after setting the server.host you're still unable to communicate with Kibana from the server running nginx, there might be a firewall running on your Kibana server that is dropping this request.

I'm not following the part about your self-signed cert, are you setting server.ssl.* in your kibana.yml to have Kibana self-host SSL? If you are, you'll have to use "https://" in your nginx configuration and ensure that nginx trusts the certificates that you're using with Kibana.

ricwhitney · March 26, 2019, 9:36pm

thanks @Brandon_Kobel

with curl -L http://192.168.0.92:5601 I got a lot of html output in the terminal - I'm guessing that's expected? I should probably try it in the browser without https?
Well I'll be! Just loading it without https worked a charm. Must be something misconfigured with the certs - did you say there was a setting in the kibana file if using self-signed certs?

Brandon_Kobel · March 26, 2019, 10:16pm

To have the Kibana server itself use HTTPS, you can enable this with the following (substituting your own paths):

server.ssl.enabled: true
server.ssl.certificate: /some/path/to/your/cert.crt
server.ssl.key: /some/path/to/your/cert.key

However, when using a reverse-proxy in front of Kibana, it's rather common to do SSL off-loading at the reverse-proxy and have Kibana itself using HTTP, and in that situation you wouldn't configure the aforementioned settings. If you want to take this approach, you'll want to make sure that the reverse-proxy is only accessible by the users which you want to be requiring to use HTTPS and they can't skip the reverse-proxy and hit the Kibana server directly on HTTP. The specifics of this really depends on your network configuration.

ricwhitney · March 26, 2019, 10:30pm

Thank you! I will dig a little deeper as I have fallen back on http for the time being

system · April 23, 2019, 10:30pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.