I have a Droplet on Digital Ocean which runs CentOS 7 and I run an ELK stack on it. I've also successfully configured an NGINX web server with a FQDN (got one from namecheap.com ) and I also have an SSL certificate managed by Let's Encrypt.
In order to set-up my nginx web server and the SSL certificate, I followed this straightforward tutorial from Digital Ocean. I can now basically access my website from any browser. You can see it form yourself here. The connection is https and has a valid certificate.
Now, I want to have my Kibana running on the same FQDN (insead of running it on localhost), with https support (basically under the same SSL configuration as the rest of my website). I tried to start with this tutorial which basically sets up a reverse proxy with nginx for accessing the Kibana dashboard from any machine.
The issue I have is that after I follow the step where I have to modify the config file in etc/nginx/conf.d/basavyr.live.conf, I should be able to access it with: http://basavyr.live/status. However, the browser redirects me to the https version of the page, which returns the 404 error.
According to the tutorial, this is what I have to add in my conf file.
TL;DR
All I want is to be able to connect to Kibana using https by accessing something like https://basavyr.live/kibana (for example) and also make it possible to redirect the http request to a https one (from what I understand though, certbot takes care of this by default ? ).
I believe I also have to update the Kibana yaml file with these options:
If you're using NGINX as a reverse-proxy for all traffic to Kibana, I'd recommend configuring it to do TLS termination before proxying http traffic to Kibana.
To start, you'll want to change the following setting in your etc/nginx/conf.d/basavyr.live.conf
You can also remove NGINX, and allow end-users to access Kibana directly using HTTPS. In this situation, you'd keep the following settings in your kibana.yml
Dear @Brandon_Kobel,
I tried changing the kibana.yml file, but it still didn't work with that initial config file on the nginx reverse proxy.
However, after more research, I've come across this post where the solution is to change the location context for kibana:
location /kibana {
rewrite ^/kibana/?(.*)$ /$1 break;
proxy_set_header Connection "";
proxy_intercept_errors on;
proxy_redirect off;
proxy_pass http://localhost:5601;
include nginxconfig.io/proxy.conf; #this was added by me after I saw a config generator for NGINX on the web
}
After I changed it, it finally worked. Regarding the include file, I found it here:
It is a super useful website which helps you generate config files for your web servers.
I think this whole time, my issue was related with nginx not being able to access kibana files due to non-root access (??)
Fortunately, now I am able to access Kibana with my domain, with full TLS encryption and valid ssl certificate.
Thank you!
PS: I did the same set-up for elasticsearch reverse proxy (with the /elastic location context) and that also works like a charm
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.