CODEWITHSUNDEEP
nginxelasticsearchkibana
Mrgr8m4
Mrgr8m4

Reputation: 502

How to block selected Kibana subpages using nginx?

I have a question associated with nginx. I use elasticsearch and Kibana to store and visualize data. I want to block access to selected subpages in Kibana using nginx. There is a couple subpages (apps) in Kibana:

I want to give a permission to all users who have a password to Visualize, Dashboard and Timelion subpages. But I want to block (using diffrent password) Discover, Dev Tools and Management subpages. I created three files.

kibana.conf:

server {
listen *:5611;
server_name localhost;
access_log /var/log/nginx/kibana-access.log;
error_log /var/log/nginx/kibana-error.log;

location / {
auth_basic "Access denied";
auth_basic_user_file /etc/nginx/conf.d/kibana.htpasswd;
proxy_pass localhost:5601;
}

location /app/kibana#/management {
auth_basic "Access denied";
auth_basic_user_file /etc/nginx/conf.d/kibana-admin.htpasswd;
proxy_pass localhost:5601;
}

location /app/kibana#/dev_tools {
auth_basic "Access denied";
auth_basic_user_file /etc/nginx/conf.d/kibana-admin.htpasswd;
proxy_pass localhost:5601;
}

location /app/kibana#/discover {
auth_basic "Access denied";
auth_basic_user_file /etc/nginx/conf.d/kibana-admin.htpasswd;
proxy_pass localhost:5601;
}
}

The problem is that when I open localhost:5611 in my browser and log in as user 'elastic' I have a permission to all subpages. What should I change in config file to block admin subpages for user 'elastic'? Is it possible with nginx?

Upvotes: 1

Views: 877

Answers (1)

Jordan Wells
Jordan Wells

Reputation: 101

I don't think this is possible to do with nginx, you might want to look into alternatives for securing kibana.

Searchguard is a good open source method of securing kibana. There is also X-Pack which comes with a handful of useful features for the ELK stack (not so open source...)

Upvotes: 1

Related Questions