Unable to get HTTPS working on Kibana

Elastic Stack Kibana
1

Hi. Trying to get Kibana accessible via HTTPS but it's not working. I have a Platinum license.
I have certs configured on my ES nodes and they are communicating via SSL.
When I try to enable the HTTPS config in Kibana my /var/log/messages file gets filled up with these error messages:

Jun  2 19:31:34 kibana1 kibana: {"type":"error","@timestamp":"2018-06-02T09:31:34Z","tags":["fatal"],"pid":14256,"level":"fatal","error":{"message":"child \"xpack\" fails because [child \"security\" fails because [\"http\" is not allowed]]","name":"ValidationError","stack":"ValidationError: child \"xpack\" fails because [child \"security\" fails because [\"http\" is not allowed]]\n    at Object.exports.process (/usr/share/kibana/node_modules/joi/lib/errors.js:181:19)\n    at _validateWithOptions (/usr/share/kibana/node_modules/joi/lib/any.js:651:31)\n    at root.validate (/usr/share/kibana/node_modules/joi/lib/index.js:121:23)\n    at Config._commit (/usr/share/kibana/src/server/config/config.js:119:35)\n    at Config.set (/usr/share/kibana/src/server/config/config.js:89:10)\n    at Config.extendSchema (/usr/share/kibana/src/server/config/config.js:62:10)\n    at /usr/share/kibana/src/plugin_discovery/plugin_config/extend_config_service.js:22:12\n    at next (native)\n    at step (/usr/share/kibana/src/plugin_discovery/plugin_config/extend_config_service.js:45:191)\n    at /usr/share/kibana/src/plugin_discovery/plugin_config/extend_config_service.js:45:361"},"message":"child \"xpack\" fails because [child \"security\" fails because [\"http\" is not allowed]]"}
Jun  2 19:31:34 kibana1 systemd: kibana.service: main process exited, code=exited, status=1/FAILURE
Jun  2 19:31:34 kibana1 systemd: Unit kibana.service entered failed state.
Jun  2 19:31:34 kibana1 systemd: kibana.service failed.
Jun  2 19:31:34 kibana1 systemd: kibana.service holdoff time over, scheduling restart.
Jun  2 19:31:34 kibana1 systemd: Started Kibana.
Jun  2 19:31:34 kibana1 systemd: Starting Kibana...

Then it just goes into a loop...

Extract of my /etc/kibana/kibana.yml with the x-pack part:

xpack.security.encryptionKey: "1234563872093741209384876237890123"
xpack.security.sessionTimeout: 600000
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.key: /etc/kibana/kibana1.key
xpack.security.http.ssl.certificate: /etc/kibana/kibana1.pem
xpack.security.http.ssl.certificate_authorities: [ "/etc/kibana/elastic_ca.pem" ]

2

Please reach the support team. That might be the best way to move forward.

3

It looks like you are trying to use Elasticsearch settings in your Kibana config.

xpack.security.http.ssl.enabled is part of X-Pack for Elasticsearch, not Kibana.

The instructions for enabling SSL in Kibana are here

4

Ahh yes.
Fixed and now it's working!
I can login with https:/kibana1:5601.

This is an extract of my kibana.yml file:

elasticsearch.username: "kibana"
elasticsearch.password: "blah_+blah"

server.ssl.enabled: true
server.ssl.key: /etc/kibana/kibana1.key
server.ssl.certificate: /etc/kibana/kibana1.pem

5

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.