#ElasticSearch

In my previous post, I’ve shown a way to expose Kibana (ELK) instance to the internet using Nginx. This helps us hide our internal infrastructure behind a secure gateway reverse proxy. This, however, doesn’t mean that the actual Elastic Stack is secure. To do this, we need to configure the security settings for the cluster and related supporting applications. In this article, I will show how to do exactly this.

Naturally, these settings are added to your configuration files, like elasticsearch.yml, logstash.yml or kibana.yml.
Since I am using Docker, from now on I will be showing how to set up these settings using environmental variables in Docker or Kubernetes containers.

Read More

Have you tried to set up Kibana in a subpath just to be met by the error {"statusCode":404,"error":"Not Found","message":"Not Found"}?
Or maybe you want to secure your infrastructure using Nginx reverse proxy.

I will show you how to do these two things at the same time.
I’ve written this guide, because the information found here, was scattered through many pages and takes time to find out and test.

Setting the Nginx reverse proxy

There’s not much to it, just add the following snippet to your configuration:

1
2
3
location ~ /kibana {
proxy_pass http://kibanaURL:5601;
}

Tgus tells Nginx to redirect all the traffic coming to the /kibana subpath to your Kibana server.

Setting Kibana

Now, there are two ways to set Kibana - environmental variables, when using a Docker container or through the kibana.yml.
Since I’m using Docker, let me start with this one.

1
2
3
4
5
6
7
8
9
10
11
12
kibana:
image: docker.elastic.co/kibana/kibana:7.11.0
container_name: Kibana
ports:
- "5601:5601"
environment:
- "SERVER_BASEPATH=/kibana"
- "SERVER_HOST=0.0.0.0"
- "ELASTICSEARCH_URL=http://es:9200"
- "ELASTICSEARCH_HOSTS=http://es:9200"
- "XPACK_SECURITY_ENABLED=true"
- "SERVER_REWRITEBASEPATH=true"

The two important things here are SERVER_BASEPATH, which tells Kibana to server its pages from /kibana instead of /, and
SERVER_REWRITEBASEPATH, which tells Kibana to handle rewriting of page and API URL requests coming under the /kibana subpath.
You can set your server to do this, but using the Kibana setting is a lot easier, most of the time.

In the yml file, these two settings are called:

1
2
server.basePath
server.rewriteBasePath

That’s it! I hope this saved you some time.

Additiopnal consideration

If you’re planning to expose your Kibana app to the internet, through reverse proxy, make sure you have the proper security configuration in place.

Inspiration:

https://serverfault.com/questions/775958/reverse-proxy-for-nginx-configuration-for-subpath
https://discuss.elastic.co/t/kibana-and-nginx-in-subpath/90280/5
https://www.elastic.co/guide/en/kibana/master/settings.html#server-rewriteBasePath
https://stackoverflow.com/questions/17423414/nginx-proxy-pass-subpaths-not-redirected
https://forum.chirpstack.io/t/running-application-behind-reverse-proxy-with-subpath/7057