I have a fesh install of Wazuh and Kibana on a VM in the office. The first time I tried any kind of browser session with kibana I get the heretofore mentioned 504 error after accepting the invalid (self-signed) certificate which tells me something is trying to load.
I get the security warning (self-signed cert) but get a 504 error after that
I have server_host set at "0.0.0.0" in /etc/kibana/kibana.yml
should I have this set at something else for internal network only?
Don't want localhost
any ideas from above error log?
Of course, this is behind our firewall at the office
By default, Kibana only listens on localhost, this can be configured by setting the server.host in your kibana.yml. If you set server.host: 0.0.0.0 in your kibana.yml, Kibana will listen on all network interfaces. It's generally better to only listen on the explicit network interface which you expect to receive HTTP requests from. To verify this is configured correctly, you'll want to do the equivalent of a curl http://your-public-kibana-interface:5601 to ensure that you're able to connect to Kibana from the server that is running nginx. If after setting the server.host you're still unable to communicate with Kibana from the server running nginx, there might be a firewall running on your Kibana server that is dropping this request.
I'm not following the part about your self-signed cert, are you setting server.ssl.* in your kibana.yml to have Kibana self-host SSL? If you are, you'll have to use "https://" in your nginx configuration and ensure that nginx trusts the certificates that you're using with Kibana.
with curl -L http://192.168.0.92:5601 I got a lot of html output in the terminal - I'm guessing that's expected? I should probably try it in the browser without https?
Well I'll be! Just loading it without https worked a charm. Must be something misconfigured with the certs - did you say there was a setting in the kibana file if using self-signed certs?
However, when using a reverse-proxy in front of Kibana, it's rather common to do SSL off-loading at the reverse-proxy and have Kibana itself using HTTP, and in that situation you wouldn't configure the aforementioned settings. If you want to take this approach, you'll want to make sure that the reverse-proxy is only accessible by the users which you want to be requiring to use HTTPS and they can't skip the reverse-proxy and hit the Kibana server directly on HTTP. The specifics of this really depends on your network configuration.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.