Not able to create basic authentication with username and password on elasticsearch 8.15.0 and kibana 8.15.0

vikascateina · October 15, 2024, 7:10am

Hi, I want that elasticsearch of 8.15.0 should connect with kibana 8.15.0 with basic authentication but kibana is giving error i.e not server yet.But it is running without basic authentication.My docker-compose file is below which is running
without security:

version: '3'

services:
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:8.15.0
    container_name: elasticsearch
    hostname: elasticsearch
    environment:
      - xpack.security.enabled=false
      - discovery.type=single-node
      - ES_JAVA_OPTS=-Xms1g -Xmx1g
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 65536
        hard: 65536
    volumes:
      - elastic_data:/usr/share/elasticsearch/data/
    ports:
      - 9200:9200
    networks:
      - elk-network

  kibana:
    container_name: kibana
    image: docker.elastic.co/kibana/kibana:8.15.0
    environment:
      - ELASTICSEARCH_HOSTS=http://elasticsearch:9200
    ports:
      - 5601:5601
    depends_on:
      - elasticsearch
    networks:
      - elk-network
volumes:
  elastic_data: {}
networks:
   elk-network:

with security i.e which is not running that docker-compose file is below.
version: '3'

services:
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:8.15.0
    container_name: elasticsearch
    hostname: elasticsearch
    environment:
      - xpack.security.enabled=false
      - discovery.type=single-node
      - ES_JAVA_OPTS=-Xms1g -Xmx1g
      - xpack.security.enabled= "true"
      - ELASTIC_PASSWORD= "password"
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 65536
        hard: 65536
    volumes:
      - elastic_data:/usr/share/elasticsearch/data/
    ports:
      - 9200:9200
    networks:
      - elk-network

  kibana:
    container_name: kibana
    image: docker.elastic.co/kibana/kibana:8.15.0
    environment:
      - ELASTICSEARCH_HOSTS=http://elasticsearch:9200
      - xpack.security.enabled=true
      - kibana.enable=true
      - ELASTIC_USERNAME=elastic     
      - ELASTIC_PASSWORD=password
    ports:
      - 5601:5601
    depends_on:
      - elasticsearch
    networks:
      - elk-network

volumes:
  elastic_data: {}
 

networks:
   elk-network:

Could someone assist with this? It would be greatly appreciated.

dadoonet · October 15, 2024, 10:21am

Check the logs. That should tell you.

Otherwise, use the example provided in the documentation. It's working very well: Install Elasticsearch with Docker | Elasticsearch Guide [8.15] | Elastic

learningelastic · October 15, 2024, 3:43pm

When I ran your SECOND docker-compose file, i saw some authentication issues between kibana and elasticsearch. I think there's aat least two problems for your kibana settings:

Instead of ELASTIC_USERNAME and ELASTIC_PASSWORD , you could try ELASTICSEARCH_USERNAME and ELASTICSEARCH_PASSWORD. And also, I don't think you are allowed to use the elastic username (a super user) to connect to kibana for security reasons. So you might need to use the username kibana_system.

Also maybe just start from David Pilato's suggestion instead

learningelastic · October 15, 2024, 4:05pm

Confirmed that i got your file to work by doing the following...

I fixed teh typing mistakes to your docker-compose.yml which you can download here:

version: '3'

services:
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:8.15.0
    container_name: elasticsearch
    hostname: elasticsearch
    environment:
      - xpack.security.enabled=false
      - discovery.type=single-node
      - ES_JAVA_OPTS=-Xms1g -Xmx1g
      - xpack.security.enabled= "true"
      - ELASTICSEARCH_PASSWORD= "password"
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 65536
        hard: 65536
    volumes:
      - elastic_data:/usr/share/elasticsearch/data/
    ports:
      - 9200:9200
    networks:
      - elk-network

  kibana:
    container_name: kibana
    image: docker.elastic.co/kibana/kibana:8.15.0
    environment:
      - ELASTICSEARCH_HOSTS=http://elasticsearch:9200
      - xpack.security.enabled=true
      - kibana.enable=true
      - ELASTICSEARCH_USERNAME=kibana_system
      - ELASTICSEARCH_PASSWORD=password
    ports:
      - 5601:5601
    depends_on:
      - elasticsearch
    networks:
      - elk-network

volumes:
  elastic_data: {}


networks:
   elk-network:

Then run docker-compose up.

Then you need to create a password for the kibana_system user. Do this:

# enter the elasticsearch container
docker exec -it elasticsearch bash

# reset the kibana_system password to what is specified in the docker-compose.yml file, which in this case is password
/usr/share/elasticsearch/bin/elasticsearch-reset-password -i -u kibana_system

# exit the container
exit;

# restart the kibana container
docker restart kibana

And now kibana is up for me.

However it is still best that you follow the official guides and use the initial code offered by elasticsearch team as your starting point:

vikascateina · October 16, 2024, 5:33am

I followed your suggestion and ran the command, but logging in with the kibana_system username didn’t work. Instead, I had to use the elastic username to successfully log in. I ran the ./elasticsearch-setup-passwords interactive command in /usr/share/elasticsearch/bin, set the passwords, and was able to access the Kibana dashboard using the elastic account. However, this solution isn't suitable for deployment on the server, as manually changing passwords inside the container isn't a best practice.

Our main concern is that we want to use a single image for both production and non-production environments. Since Elasticsearch will be running on ECS and requires password setup within a running container, the current approach would force us to build an image and push it to ECR on AWS. Managing two separate images for production and non-production isn’t ideal, so we’re aiming to have one unified image for both environments.

learningelastic · October 16, 2024, 1:05pm

That is correct, kibana_system user is for the kibana to elastic integration. You shoudl consider seting up new accounts for actual users to login with.

If you try the official documentation, you will see that "setup containers" are used to do all the provisioning, account setup, TLS cert generation etc...

I will message you directly to your inbox with additional supporting material, so check your DM