Proxy pass for security always redirects to kibana port?

Hi Cj, thanks for the reply and most excellent question! I never mentioned SSL but, yes I had it enabled in our config file:

server.host: "127.0.0.1"
server.name: "Kibana Ops"
server.ssl.cert: /etc/letsencrypt/live/example.com/cert.pem
server.ssl.key: /etc/letsencrypt/live/example.com/privkey.pem

of course it was also in our htconf, which made this redundant. disabling the kibana SSL certs stopped the redirects with port from happening. Makes sense kibana would force the URL when running its own SSL implementation!

I also learned a few other things securing with the htconfig: when using proxypass, you must place the auth inside a Location section matching the path you are serving for kibana to get a htauth password request; our generic htauth config for Directory / was not being recognized. Here's the config I ended up using:

<VirtualHost *:443>
  ServerAdmin admin@example.com
  ServerName kibana.example.com

  <Location />
    Options FollowSymLinks
    AuthType Basic
    AuthName "Kibanarama!"
    AuthUserFile /etc/httpd/conf/.htpasswd
    Require valid-user
    ProxyPass         http://127.0.0.1:5601/
    ProxyPassReverse  http://127.0.0.1:5601/
  </Location>

  DocumentRoot /var/www/html

  SSLEngine on

  SSLCertificateFile      /etc/letsencrypt/live/example.com/cert.pem
  SSLCertificateKeyFile   /etc/letsencrypt/live/example.com/privkey.pem
  SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem
</VirtualHost>

Now kibana serves fine from external host on its own subdomain, with Apache authentication.

Thanks for the SSL tip off!!
Cheers, Jt