Set up ELK stack and can only see json when I browse to it

Vickistan · March 18, 2024, 8:45pm

Hey, I am very new to ELK, and I set up a stack using this:

I am on a VM running Ubuntu 22.04. Everything comes up without errors, but when I browse to https://ubuntu.elk.mydomain.com, I don't get a Kibana dashboard but rather a json blob:

```{"host":"ubuntu-elk","version":"7.17.3","http_address":"127.0.0.1:9600","id":"0afe2de1-c4e7452e-8a86-a535f88c3cfe","name":"ubuntu-elk","ephemeral_id":"27b14d5a-1705-490d-b738-82cc8c85b75e","status":"green","snapshot":false,"pipeline":{"workers":2,"batch_size":125,"batch_delay":50},"build_date":"2022-04-19T08:13:07Z","build_sha":"475c7c89406b90ee03d0efd2e304d2da455589c2","build_snapshot":false}`

I don't know what I did wrong. I have the following in nginx' kibana.conf:

server {
       listen         [::]:80;
       server_name    ubuntu-elk.mydomain.com www.ubuntu-elk.mydomain.com;
       return 301 https://ubuntu-elk.mydomain.com;

       auth_basic "Restricted Access";
       auth_basic_user_file /etc/nginx/htpasswd.users;
   
       location / {
           proxy_pass http://127.0.0.1:9600;
           #proxy_pass http://127.0.0.1:5601;
           proxy_http_version 1.1;
           proxy_set_header Upgrade $http_upgrade;
           proxy_set_header Connection 'upgrade';
           proxy_set_header Host $host;
           proxy_cache_bypass $http_upgrade;
       }
}

server {
    listen 443 ssl;

    server_name ubuntu-elk.mydomain.com www.ubuntu-elk.mydomain.com;

    add_header Strict-Transport-Security "max-age=31536000";

    auth_basic "Restricted Access";
    auth_basic_user_file /etc/nginx/htpasswd.users;

    ssl_certificate /etc/letsencrypt/live/mydomain.com/ubuntu-elk.mydomain.com.crt;
    ssl_certificate_key /etc/letsencrypt/live/mydomain.com/ubuntu-elk.mydomain.com.key;
    ssl_stapling on;
    ssl_stapling_verify on;

    access_log /var/log/nginx/sub.log combined;

    #location /.well-known {
    #   alias /[MY PATH]/.well-known;
    #}

    location / {
        proxy_pass http://127.0.0.1:9600;
        #proxy_pass http://127.0.0.1:5601;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
        proxy_set_header X-Forwarded-For $remote_addr;
    }
}

Can I buy a vowel?

Vickistan

carly.richmond · March 19, 2024, 10:13am

Hi @Vickistan,

This looks to be an old tutorial since it's using 7.7.1 which is an old version of Elastic. But having a quick scan I see you have the proxy set to port 9600 rather than the default of 5601:

Can you check if you have changed the default Kibana port somewhere in your configuration? If not I think the commented out line is correct.

Is the blob above what you receive when you go to the status page as the tutorial suggests? I would also recommend having a look at the Kibana setup and access documentation.

Hope that helps!

Vickistan · March 19, 2024, 6:54pm

Hi @carly.richmond

I think you are right. I was mistaking logstash which runs on port 9600 for kibana. Kibana was constantly restarting due to a fatal error when trying to access the cert key. I have fixed that, and now I am getting "Elastic did not load properly. Check the server output for more information." Working through that now. Thanks for your assistance.

Vickistan

system · April 16, 2024, 6:54pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.