Hi Cj, thanks for the reply and most excellent question! I never mentioned SSL, but yes, I had it enabled in our config file:
server.host: "127.0.0.1"
server.name: "Kibana Ops"
server.ssl.cert: /etc/letsencrypt/live/example.com/cert.pem
server.ssl.key: /etc/letsencrypt/live/example.com/privkey.pem
Of course, it was also in our htconf, which made this redundant. Disabling the Kibana SSL certs stopped the redirects with port from happening. Makes sense Kibana would force the URL when running its own SSL implementation!
I also learned a few other things securing with the htconfig: when using ProxyPass, you must place the auth inside a Location section matching the path you are serving for Kibana to get an htauth password request; our generic htauth config for Directory / was not being recognized. Here's the config I ended up using:
<VirtualHost *:443>
    ServerAdmin admin@example.com
    ServerName kibana.example.com
    <Location />
        Options FollowSymLinks
        AuthType Basic
        AuthName "Kibanarama!"
        AuthUserFile /etc/httpd/conf/.htpasswd
        Require valid-user
        ProxyPass http://127.0.0.1:5601/
        ProxyPassReverse http://127.0.0.1:5601/
    </Location>
    DocumentRoot /var/www/html
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem
</VirtualHost>
Now Kibana serves fine from an external host on its own subdomain, with Apache authentication.
Thanks for the SSL tip-off!!
Cheers, Jt
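
Added example (not part of the original post, and not Apache or Kibana project code): a small config check for the pitfall described above, where auth placed in `<Directory />` does not cover a proxied path and has to sit in a `<Location>` matching it. The function name `unprotected_proxypass` and both sample configs are constructed for illustration, and only plain `<Location>` sections are considered.

```python
import re

# Constructed sample configs (not from the original post).
WEAK = """
<VirtualHost *:443>
  <Directory />
    AuthType Basic
    AuthUserFile /etc/httpd/conf/.htpasswd
    Require valid-user
  </Directory>
  ProxyPass / http://127.0.0.1:5601/
  ProxyPassReverse / http://127.0.0.1:5601/
</VirtualHost>
"""
FIXED = """
<VirtualHost *:443>
  <Location />
    AuthType Basic
    AuthUserFile /etc/httpd/conf/.htpasswd
    Require valid-user
    ProxyPass http://127.0.0.1:5601/
    ProxyPassReverse http://127.0.0.1:5601/
  </Location>
</VirtualHost>
"""

def unprotected_proxypass(conf):
    """Return (line, path) of ProxyPass rules with no Require in a covering <Location>."""
    stack, authed, proxied = [], set(), []
    for n, raw in enumerate(conf.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = re.match(r"<(\w+)\s*(.*?)>$", line)
        if line.startswith("</"):
            if stack:
                stack.pop()
        elif opened:
            stack.append((opened.group(1).lower(), opened.group(2).strip('"')))
        else:
            name, *args = line.split()
            # Innermost enclosing <Location>, if any; <Directory> is ignored on purpose.
            loc = next((a for k, a in reversed(stack) if k == "location"), None)
            if name.lower() == "require" and loc is not None and args[:2] != ["all", "granted"]:
                authed.add(loc)
            elif name.lower() == "proxypass" and (loc is not None or args):
                proxied.append((n, loc if loc is not None else args[0]))
    # Simplification: plain prefix match stands in for Apache's Location matching.
    return [(n, p) for n, p in proxied if not any(p.startswith(a) for a in authed)]
```

An empty list means every `ProxyPass` path found is covered by a `<Location>` that carries a `Require` rule; each tuple returned is a line to review before exposing the vhost.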