Way to secure kibana access

Sebastien_Allamand · January 8, 2016, 5:23pm

Hello,

I’m using ELK catalog for my logging solution whis is a very great tooling thanks all you guys for the hard work.

I’m looking to a way to secure both kibana and kopf access so that it will be enabled only to registered people.

Because I’m giving access to kibana and koph using Rancher LB, I was wondering on using HaProxy basic authent ==> does someone have example on how to configure this ?

Is there guidelines on how to do this ?

Thanks

Sébastien

meteormanaged · January 8, 2016, 5:30pm

You could do this pretty simply by:

Only exposing kibana internally.
Putting an nginx instance in front of kibana and using basic http auth.

Sebastien_Allamand · January 12, 2016, 3:10pm

there already a nginx proxifying request to kibana through the catalog, but i don’t think there is an option to configure basic auth from the catalog directly ?

FloTiX · January 28, 2016, 2:53pm

Hi Sebastien,

You need to clic on “View in API” on your nginx-proxy container and EDIT it.
And modify metadata “nginx” to for example

{"conf":{"servername":"kibana","upstream_port":5601,"users":"admin"},"users":{"0":{"username":"admin","password":"{PLAIN}helloworldpassword"}}}

orlando · June 4, 2016, 12:24pm

Thanks, the {PLAIN} in the password looks like was the thing I was missing.

pierreozoux · June 7, 2016, 5:31pm

Ok, this solves the issue for Kibana, but what about kopf, does it mean we have to add an nginx in front?

Thanks for your answers!

Topic		Replies	Views
OAuth2_proxy template? Rancher 1.x	1	1341	February 29, 2016
Securley Accessing Prometheus and Kibana in Production Rancher	3	602	November 3, 2018
What's the best practice for securing Rancher access/login? Rancher	6	1188	June 19, 2020
External auth proxy Rancher	1	529	February 3, 2020
Restrict access to some containers only from private network Rancher 1.x	1	1221	August 21, 2017

Way to secure kibana access

Related topics