Redirecto only to specific dashboard in Kibana behind Nginx reverse proxy

Elastic Stack Kibana
1

Hi.
I'm using nginx as a reverse proxy to auto-authenticate a dashboard iframe (via share) in another server....
So far i have this:

server {
        listen       443 ssl http2 default_server;

        ssl_certificate "/etc/pki/tls/certs/domain/domaincertificate.crt";
        ssl_certificate_key "/etc/pki/tls/certs/domain/domainkey.key";

        location / {
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header Authorization "Basic *";
                proxy_pass https://my.kibanaserver:5601;
                proxy_redirect off;
                proxy_buffering off;
        }
}

With the above configuration i'm able to open a browser like this:
https://myreverseproxy.domain.com

and get the data from
https://my.kibanaserver:5601

The user configured is read-only, works in a independent space and has limited access to other parts of the platform...
So far so good..

What i need to do is to "disable" or "protect" other links in the dashboard... permitting to the user only navigate the specific dashboard assigned for him.
For example let's say that i have a dashboard and i want show it through my reverse proxy:

https://myreverseproxy.domain.com/s/clientes/app/dashboards#/view/2a956837-49a7-4gg7-a233-4f7c69c997c7

This works ok..
But when i try to access :
https://myreverseproxy.domain.com/s/clientes/app/home#/
or
https://myreverseproxy.domain.com/s/clientes/app/dashboards#/

It take me there...which i don't want to...
is there a way to ban the access to that "resource" to the user through nginx configuration?

Or maybe there is a better approach?
Thanks in advance

Ricardo

2

You could limit each space to a customer and add there dashboards only allowed to them. Then you can limit all request that contain that space in the URL (/s/clientes/ in the case of your URL).

3

Hi @Marius_Dragomir !
Thanks for your answer... in fact i'm doing that... each user has his own space with only view to his own dashboards and index's.... i was trying to limit the access to other parts of the platform.
Despite the USER has "Dashboard" only access... as the image shows:

Kibana access
Kibana access755×782 73.8 KB

But the user can navigate to "Home" and "Overview"... then it has the "permissions" to create and play with the "Example Data", which i don't want!..
Is there a way to be more restrictive with the user access to the dashboards?? I'm thinkin a permission to only see the Dashboards and nothing else....
Thanks!

4

If you don't want to be able to create/modify Dashboards or Visualizations look into adding read-only for the indices in the role description. If you can post it here I can probably help tune it.

5

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.