Hi,
Being a bit of a technocrat, I tried the latest 7.6.2 ES/Kibana releases and can't understand this error message after configuring nginx 1.15-alpine reverse proxy. Even after repeatedly restarting with kibana with csp.strict on/off, the error still happens... Is this a software issue? Can I workaround it? Thanks in advance...
configuration:
latest alpine
latest ES, Kibana
latest nginx stable
ubuntu 18.04 host
latest docker 19.x
latest docker-compose v3.3 template
steps:
# client side
$ curl https://au-001.fortressiq.com/
...
// Since this is an unsafe inline script, this code will not run
// in browsers that support content security policy(CSP). This is
// intentional as we check for the existence of __kbnCspNotEnforced__ in
// bootstrap.
window.__kbnCspNotEnforced__ = true;
# server side docker-compose.yaml
version: '3.3'
services:
nginx:
image: nginx:1.15-alpine
command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'"
ports:
- "80:80"
- "443:443"
volumes:
- ./data/certbot/conf:/etc/letsencrypt
- ./data/certbot/www:/var/www/certbot
- ./data/nginx:/etc/nginx/conf.d
networks:
- elastic
certbot:
image: certbot/certbot
entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"
volumes:
- ./data/certbot/conf:/etc/letsencrypt
- ./data/certbot/www:/var/www/certbot
kibana:
image: docker.elastic.co/kibana/kibana:7.6.2
container_name: kibana
# see https://github.com/elastic/kibana/blob/master/src/dev/build/tasks/os_packages/docker_generator/resources/bin/kibana-docker
volumes:
- ./kibana.yml:/usr/share/kibana/config/kibana.yml
ulimits:
memlock:
soft: -1
hard: -1
ports:
- 5601:5601
networks:
- elastic
// Since this is an unsafe inline script, this code will not run
// in browsers that support content security policy(CSP). This is
// intentional as we check for the existence of __kbnCspNotEnforced__ in
// bootstrap.
window.__kbnCspNotEnforced__ = true;
^
|
the error is preventing browser from displaying traditional welcome page. Hence I use curl to show this issue
the nginx reverse proxy setting is below, compsoe and all the browsers support CSP. Please explain why status 200 and nothing shows up if this is not an error state, yet.
I can't help you with your nginx issues, but I can try to help with verifying that the Kibana CSP settings are set correctly. You still haven't shown me what the browser is showing: you've only shown server-side errors. Where is the browser error?
I work around it with csp.strict: true in kibana. now I am seeing kibana unable to login using admin/admin default password with opendistro so not sure why kibana is behaving this way behind a proxy. Turning off kibana security is an insecure workaround, not related.
I get same error. It just shows a blank page. You can only see the error if you use curl or click view source in Browser. I too am using KIbana in docker. So I gave up and took approach described below to not use nginx:
And I agree with Kenneth that engineers here need to know about nginx since practically everyone uses it that way. We do that because we need to put Kibana on a public IP.
This works. Open as a shell as root and pass in SERVER_HOST which KIbana will use to expose that server on that IP so you can then open it from the public internet.
sudo -i
export SERVER_HOST="172.31.46.15"
nohup docker run --link 4a867fcd2248:elasticsearch -p 5601:5601 kibana:7.6.2&
http:://(your public ip):5601
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.