I am trying to protect certain endpoints in Kibana, specifically dashboards, with Nginx. The problem is that the fragment identifier does not get sent in the request, so everything after /app/kibana is ignored, only allowing basic authentication to /app/kibana.
I just set one of these up. To access a dashboard through a proxy you need to allow access to different parts of Kibana, as they all work together to build the dashboard:
I configured it like this because I use a lot of shared dashboards. A setting similar to this lets the user view dashboards without access to other parts of the Kibana system. There may be other ways to do this, but this is what works for me.
When you access a dashboard there are more parts that need to be accessed through the proxy than just the dashboard. Those would be the items listed in the location section. When you are using a location directly to /app/kibana/dashboards/dashboard_name it will not load some of what it needs. You can probably see this if you watch the web developer console in your browser as the page tries to load.
I see that in the location part of my config /plugins is referenced twice; that was just a mistake as I typed the config part, and it does not need to be there twice.
Thanks for the clarification. Testing the config that you posted, it allows access to almost all of Kibana though, because of the |/app/kibana|. I want to restrict users to just one dashboard; are you able to accomplish that with this method?
Yes, I guess it would allow access to the board if you knew how to get there. I stop that from happening with some other nginx code that is based on the requesting host. Of course my setups are not exact to what yours would be.
I have something I want to test but my Kibana server is optimizing at the moment. When that is complete I will do my rule adjustment test and reply with the results.
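The fragment problem raised in the first post, as an added example that is not part of any poster's configuration: it computes the request target a reverse proxy such as nginx actually receives for a browser URL, then reports which "deny" URLs cannot be told apart from an allowed one. The hostname, dashboard names and `#/...` route shapes are constructed placeholders.

```javascript
// Added example. All URLs below are constructed sample input.

// What the reverse proxy receives: path + query only. Browsers never send
// the fragment (RFC 3986, section 3.5), so a location block cannot match it.
function requestTarget(browserUrl) {
  const u = new URL(browserUrl);
  return u.pathname + u.search;
}

// Report every denied URL whose request target equals that of an allowed
// URL. Such rules cannot be enforced by path matching at the proxy.
function unenforceable(allow, deny) {
  const allowed = new Map();
  for (const a of allow) allowed.set(requestTarget(a), a);
  return deny
    .filter((d) => allowed.has(requestTarget(d)))
    .map((d) => ({
      denied: d,
      collidesWith: allowed.get(requestTarget(d)),
      seenByProxy: requestTarget(d),
    }));
}

const BASE = 'https://kibana.example.internal'; // placeholder host

// Intended policy: one shared dashboard is allowed, everything else is not.
// Note the "?_g=()" sits after the "#", so it is part of the fragment too.
const ALLOW = [BASE + '/app/kibana#/dashboard/team-a?_g=()'];
const DENY = [
  BASE + '/app/kibana#/dashboard/team-b', // different dashboard, same path
  BASE + '/app/kibana#/management',       // different section, same path
  BASE + '/app/other',                    // hypothetical path: distinguishable
];

for (const hit of unenforceable(ALLOW, DENY)) {
  console.log(`${hit.denied} reaches the proxy as ${hit.seenByProxy}`);
}
```

Only the entry with a different path can be separated by a location rule; the other two arrive as the same request as the allowed dashboard, which is why restricting users to one dashboard needs a control other than path matching.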