SSL for Elasticsearch and Kibana 4 whith Apache as a reverse proxy


(Andrew) #1

Hi guys! Could you please point me to the good tutorial how to set up
the ELK with apache as a reverse proxy. Doing it on OS X (all installed
from Homebrew)? I've found a few but they show different approaches...
I'm not sure what's correct way…

I've done this:

elk-vhost.conf:

<VirtualHost *:8443>
            ServerAdmin admin@server.kibana
            ServerName www.server.kibana
            ServerAlias server.kibana
    
            SSLEngine on
            SSLCertificateFile "/usr/local/etc/apache2/2.4/ssl-keys/ssl_server.crt"
            SSLCertificateKeyFile "/usr/local/etc/apache2/2.4/ssl-keys/ssl_server.key"
    
            SSLProtocol all -SSLv2
            SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
    
            SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
            CustomLog /usr/local/var/log/apache2/kibana_ssl_request.log \
            "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
        ###-----------------###
        ##### -- Proxy -- #####
        ###-----------------###
    
        ###--elasticsearch--###
        ProxyRequests Off
            ProxyPass /elasticsearch/ http://127.0.0.1:9200/
            <Location /elasticsearch/>
                ProxyPassReverse /
                SSLRequireSSL
            </Location>
        ###-----kibana------###
        <Proxy *>
            Order Allow,Deny
            Allow from all
            Options -MultiViews
            AuthType Basic
            AuthName "Authenticated proxy"
            AuthUserFile /usr/local/etc/apache2/2.4/elastic.htpwd
            Require valid-user
        </Proxy>
            ProxyPass / http://127.0.0.1:5601
            ProxyPassReverse / https://127.0.0.1:5601
            RewriteEngine on
            RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
            RewriteRule .* http://127.0.0.1:5601%{REQUEST_URI} [P,QSA]
                ErrorLog /usr/local/var/log/apache2/kibana_error.log
                LogLevel warn
                CustomLog /usr/local/var/log/apache2/kibana_access.log combined
    </VirtualHost>

I've also changed this files:

/usr/local/opt/kibana/src/config/index.js

changed
kibana.elasticsearch_url = kibana.elasticsearch_url || 'http://localhost:9200';
to
kibana.elasticsearch_url = kibana.elasticsearch_url || 'https://0.0.0.0/elasticsearch';

and
/usr/local/opt/kibana/src/config/kibana.yml

elasticsearch_url: "http://localhost:9200"

to
elasticsearch_url: "https://localhost/elasticsearch"


(David Reagan) #2

Set up Kibana with the same ssl certs you will use with apache.

Then, in your vhost, it's something like:

SSLProxyEngine on
ProxyPass / https://localhost:<kibana port>
ProxyPassReverse / https://localhost:<kibana port>

Check the Apache docs to make sure my syntax is correct. http://httpd.apache.org/docs/2.4/mod/mod_proxy_http.html is the mod you'll want enabled.

For details on the SSLProxyEngine directive: http://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslproxyengine

Make sure you read the docs for the correct version of Apache, those links are for 2.4.

That's all off the top of my head. If you can't get it figured out from that, I'll pull up my own config and share it. Though it might be a day or two before get to it.


(Andrew) #3

Thanx for reply. I've updated the post to show what I've done. I'm using the Apache as a reverse proxy between Elasticsearch and Kibana to get an encripted SSL tunnel between E and K... Have no idea how to check if the data is encrypted?


(David Reagan) #4

Oh, I was just thinking of using https for kibana only.

I don't try to encrypt elasticsearch calls. I ended up just sticking an http elasticsearch node on the same server as Kibana and pointing Kibana at that. I leave securing ES to my firewalls and the fact I'm on a switching network. So I don't need to encrypt ES calls.

I'm not sure how I would do what you want to do...


(system) #5