-
Notifications
You must be signed in to change notification settings - Fork 8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Elasticsearch behind proxy with basic auth #3302
Comments
Ok, sorry for being to unspecific here. Kibana is latest v4 installed via the elkstack chef cookbook by rackspace. Both, kibana and elasticsearch are accessed behind an https proxy (nginx). They are currently both running on the same machine, which is for testing purposes only, so in the future the plan would be to have everything run on separate instances. |
Kibana should work no problem with a proxy as long as its probably configured. Unfortunately we can't really debug your proxy setup here, but we've tested it with a light weight node proxy and everything is working as expected. For what its worth, you really don't need this proxy:
|
Kibana 4 elasticsearch basic auth support is broken. It is caused by the url being reconstructed for no good reason in routes/proxy.js, and the reconstruction striping out the username and password. Which is also known as uri.auth. What makes this even worse is that because elasticsearch is proxied by kibana, it will ask the user for the username and password via http auth. Then for the cherry on top if you use basic http auth with kibana, then they override each other. routes/proxy.js:62: Works: Better: |
To get it fully working I had to use the additional code below. Otherwise proxy.js reads headers from the client and overrides the configuration. routes/proxy.js:61: |
I created PR #3329 with my changes. |
Using kibana with elasticsearch behind a proxy with basic auth is currently not possible. I configured the elasticsearch_url in kibana.yml to "https://user:pass@host.com:443/", but when I access kibana (which is also behind a proxy with basic auth) I get asked for the elasticsearch password for each request. It seems to me that for each request (image, css, etc.) the basic auth is requested and I thus have to enter the kibana and the elasticsearch auth information alternatingly.
The text was updated successfully, but these errors were encountered: