A popup authentication from NGINX or Kibana?
What you probably want is NGINX to pass its credentials from your web app to Kibana right?
If so you need to use the following configuration line in your elasticsearch.yml config file:
elasticsearch.requestHeadersWhitelist: [ es-security-runas-user, authorization ]
Then you should add a user in Kibana, I called mine "nginx"
Create a role for this user, I called mine "nginx" as well. Leave all everything default with no permissions to anything except add the users you want authenticated through NGINX to the "Run As privileges" section.
You need to base 64 encode the username:password for the NGINX account in Kibana.
the one shown below ("bmdpbng6c2VjcmV0cGFzc3dvcmQ=") is base 64 encoding of nginx:secretpassword
$NAME_OF_HEADER_WITH_USER_TO_RUN_AS shown below should be a named header that your application uses to pass the username you want authenticated into Kibana. The username from the web app and Kibana must match exactly, as this is what allows the NGINX user in Kibana to run as another user. This would be a header such as $http_x_forwarded_user.
add these two lines to your nginx config:
proxy_set_header Authorization "Basic bmdpbng6c2VjcmV0cGFzc3dvcmQ=";
proxy_set_header es-security-runas-user $NAME_OF_HEADER_WITH_USER_TO_RUN_AS;
Hope this makes sense..
Check out this blog for more detail: