Trying to expose a specific dashboard without authentication behind nginx

snovak · February 15, 2019, 11:22pm

We are using nginx to authenticate access to Kibana and then proxying to the localhost Kibana service. This has been working but now we have a request to allow one dashboard to be seen without authentication. We tried to do it with the following nginx configuration but when we access the site path we get the generic MetricBeats Host Overview dashboard now the one in our link.

location / {
    #auth to ldap via pam via sssd
    auth_pam              "Kibana on ELK-02";
    auth_pam_service_name "nginx_restricted";

    proxy_pass http://127.0.0.1:5601;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection 'upgrade';
    proxy_set_header Host $host;
    proxy_cache_bypass $http_upgrade;
}

location /renderdash/ {
    proxy_pass http://127.0.0.1:5601/app/kibana#/dashboard/50f56c30-3165-11e9-9b68-4bbde4fc824f
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection 'upgrade';
    proxy_set_header Host $host;
    proxy_cache_bypass $http_upgrade;
}

bhavyarm · February 18, 2019, 8:21pm

@azasypkin can we please get some help?

Thanks,
Bhavya

snovak · February 19, 2019, 7:33pm

We really could use some help making this work. Again, what we need is to enable access to a specific dashboard without authentication but maintain authentication / access control for the rest of Kibana. We do not want to allow access to the Kibana devtools and management sections to everyone (obviously).

Christian_Dahlqvist · February 19, 2019, 8:27pm

As far as I know trying to implement low-level controls like this is very hard (if even possible) in a proxy. One way might however be to create a separate Kibana instance with separate configuration and then proxy just the unsecured dashboard to this.

azasypkin · February 20, 2019, 9:20am

Hi @snovak,

I think there are a couple of things here:

I doubt that the hash (#) part of proxy_pass URL is being passed to anywhere - hash is the browser only thing, so I guess NGINX just drops it. So you may want to consider Short URL permalink instead (depends on your requirements).
There is a chance you may want to use Kibana Dashboard Only Mode for this use case if not using already.

Best,
Oleg

system · March 20, 2019, 9:20am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.