Hello World!
I'm trying to follow Install Kibana with Docker | Kibana Guide [7.17] | Elastic and even though it looks like Kibana started fine:
% docker compose logs --tail 1
kibana | {"type":"log","@timestamp":"2022-07-07T20:12:15+00:00","tags":["info","status"],"pid":7,"message":"Kibana is now available (was degraded)"}
%
I'm unable to login to Kibana w/ following banner:
Username or password is incorrect. Please try again.
I have checked the connectivity from within of the container and to my Elasticsearch cluster (using ca, cert and key) everything works without any issues, yet getting 401 in logs when try to login via Kibana using valid credentials:
% docker compose logs --tail 2
kibana | {"type":"log","@timestamp":"2022-07-07T19:03:07+00:00","tags":["info","plugins","security","routes"],"pid":7,"message":"Logging in with provider \"basic\" (basic)"}
kibana | {"type":"response","@timestamp":"2022-07-07T19:03:07+00:00","tags":[],"pid":7,"method":"post","statusCode":401,"req":{"url":"/internal/security/login","method":"post","headers":{"host":"X.X.X:5601","connection":"keep-alive","content-length":"175","sec-ch-ua":"\"Chromium\";v=\"104\", \" Not A;Brand\";v=\"99\", \"Google Chrome\";v=\"104\"","dnt":"1","content-type":"application/json","sec-ch-ua-mobile":"?0","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36","kbn-version":"7.17.4","sec-ch-ua-platform":"\"macOS\"","accept":"*/*","origin":"https://X.X.X:5601","sec-fetch-site":"same-origin","sec-fetch-mode":"cors","sec-fetch-dest":"empty","referer":"https://X.X.X:5601/login?next=%2F","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9"},"remoteAddress":"192.168.128.1","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36","referer":"https://X.X.X:5601/login?next=%2F"},"res":{"statusCode":401,"responseTime":544,"contentLength":124},"message":"POST /internal/security/login 401 544ms - 124.0B"}
same (or similar) request as above, however using curl
instead:
kibana@67b3beeb0eec:~$ curl --cacert /usr/share/elasticsearch/config/certificates/ca/ca.crt --cert /usr/share/elasticsearch/config/certificates/elastic7/elastic7.crt --key /usr/share/elasticsearch/config/certificates/elastic7/elastic7.key --user "$ELASTICSEARCH_USERNAME:$ELASTICSEARCH_PASSWORD" https://X.X.X:5601/internal/security/login -I
HTTP/1.1 401 Unauthorized
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
kbn-name: 7-k111
kbn-license-sig: bbac8ed5bf5514a791ee0acce3c70f1b237713fbd26cae45589ec69398171dfe
content-type: application/json; charset=utf-8
cache-control: private, no-cache, no-store, must-revalidate
content-length: 66
Date: Thu, 07 Jul 2022 19:53:40 GMT
Connection: keep-alive
Keep-Alive: timeout=120
kibana@67b3beeb0eec:~$
now using same credentials, however connecting to Elasticsearch cluster directly (w/out Kibana):
kibana@519e28384ee2:~$ curl --cacert /usr/share/elasticsearch/config/certificates/ca/ca.crt --cert /usr/share/elasticsearch/config/certificates/elastic7/elastic7.crt --key /usr/share/elasticsearch/config/certificates/elastic7/elastic7.key --user "$ELASTICSEARCH_USERNAME:$ELASTICSEARCH_PASSWORD" https://X.X.X:9200 -I
HTTP/2 200
x-elastic-product: Elasticsearch
content-type: application/json; charset=UTF-8
content-length: 544
x-envoy-upstream-service-time: 9
strict-transport-security: max-age=31536000; includeSubDomains
date: Thu, 07 Jul 2022 19:40:34 GMT
server: istio-envoy
kibana@519e28384ee2:~$
my kibana.yml
:
% cat ./config/kibana.yml | cut -d\: -f1
elasticsearch
hosts
- https
password
ssl
certificateAuthorities
verificationMode
username
monitoring
ui
container
elasticsearch
enabled
server
host
name
xpack
encryptedSavedObjects
encryptionKey
license_management
ui
enabled
reporting
encryptionKey
security
authc
providers
basic
basic1
order
oidc
Google
order
realm
encryptionKey
%
Please advise.