NGINX reverse proxy, to local KIBANA, to AWS ElasticSearch


(Neil Briscoe) #1

Newbie here. I have managed to get NGINX reverse proxy, connecting to Kibana, connecting to ES when all on the same box in AWS. Doing this to add simple authentication.

I am now wanting to utilise the AWS ES service (2.3) with a local Kibana (4.5.0) and still wanting to add NGINX reverse proxy on an EC2 instance for authentication.

When I target my NGINX proxy on port 80, I get the kbn-header issue. As I cannot control anything on the ES/Kibana end as it's SaaS, I have tried many, many configurations in the nginx configuration.

Is there something I am missing or is this not doable on these versions?

server {
    listen 80;

    server_name localhost;

    auth_basic "Kibana - LOGIN REQUIRED";
    auth_basic_user_file /etc/nginx/htpasswd.users;

    location / {
        proxy_pass http://localhost:5601/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_pass_request_headers off;
        proxy_cache_bypass $http_upgrade;
        proxy_redirect default;
    }
}

with my kibana.yml:

start

server.port: 5601
server.host: "0.0.0.0"
elasticsearch_url: "http://search-xxx.eu-west-1.es.amazonaws.com:80"

end


(Lee Drengenberg) #2

Hi Neil,

Before you (or me) spend too much time on this, have you considered using Elastic Cloud instead?

Some people aren't aware that Elastic has a hosted service.

  • You'll have the latest releases of products available to you the same day they're released.
  • Much better support by the company developing the products.
  • The security plugin included.
  • A bunch of other features you CAN'T get on AWS Elasticsearch service.
  • You can still host Kibana yourself, or just use it on Elastic Cloud.

If you can't use Elastic Cloud, let me know and I'll try to help you figure out this NGINX reverse proxy issue.

Regards,
Lee


(Neil Briscoe) #3

Thanks Lee. I have taken a look at this and will likely use this once we have done our proof of concept with network virtual appliances, syslog-ng and netflow.

I think I have figured it - so now need to figure out what I changed along the way.

Yes, wild stabbing in the dark worked!

server {
    listen 80;
    server_name localhost;

    location /kibana/ {
        proxy_pass http://localhost:5601/;
        # Strip the /kibana/ prefix before the request reaches Kibana
        rewrite /kibana/(.*)$ /$1 break;
        proxy_http_version 1.1;

        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
        # Do not forward the nginx basic-auth credentials upstream
        proxy_set_header Authorization "";
        # Drop any Authorization header from the upstream response
        proxy_hide_header Authorization;
        auth_basic "Username and Password are required";
        auth_basic_user_file /etc/nginx/htpasswd.users;
    }
}
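
A hardened variant of the working configuration above, as an added example that is not part of the original posts: Basic auth sends the password base64-encoded on every request, so the challenge is moved behind TLS and port 80 only redirects. The certificate paths are placeholders, and the block assumes an nginx build that supports TLSv1.3 and a Kibana set to `server.host: "127.0.0.1"` instead of `"0.0.0.0"`.

```nginx
# Added example (not from the thread). Certificate paths are placeholders.

# Port 80 issues no auth challenge; it only redirects to HTTPS so that
# Basic credentials are never requested over cleartext HTTP.
server {
    listen 80;
    server_name localhost;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name localhost;

    ssl_certificate     /etc/nginx/tls/kibana.crt;   # placeholder path
    ssl_certificate_key /etc/nginx/tls/kibana.key;   # placeholder path
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Challenge at server level so every location is covered, not only /kibana/.
    auth_basic "Username and Password are required";
    auth_basic_user_file /etc/nginx/htpasswd.users;

    location /kibana/ {
        # proxy_pass with a URI part ("/") already replaces the matched
        # /kibana/ prefix, so the separate rewrite is not needed.
        # Assumes Kibana listens on loopback only (server.host: "127.0.0.1"),
        # so port 5601 cannot be reached without passing through this proxy.
        proxy_pass http://127.0.0.1:5601/;
        proxy_http_version 1.1;

        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Do not forward the nginx Basic credentials to Kibana.
        proxy_set_header Authorization "";
    }
}
```

Run `nginx -t` before reloading, and make sure the instance's security group does not expose port 5601 directly.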


(Lee Drengenberg) #4

Glad you got it working Neil. And thanks for the update on it, it might help someone else with a similar problem. ++

Regards,
Lee

