password authentication for URL

cbtshare · 01-25-2017, 04:48 PM

Hello all,

I want to setup password authentication for multiple ULR access using nginx.
My config is below, my issue is that it works for the main site but not the URL links, the application I want to restrict access to is Kibana.

It works when I enter the site http://staging-elkstack2 but my issue is this url I want to protect

Code:

http://staging-k2/app/kibana#/dashboard?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-15m,mode:quick,to:now))
OR
http://staging-k2/app/kibana#/dashboarD

Anyone has any idea how to do this?

Code:

 server {
        listen 80;
        server_name  staging-k2 ;

       
        location / {
          
            proxy_pass http://staging-k2:5602;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection 'upgrade';
            proxy_set_header Host $host;
            proxy_cache_bypass $http_upgrade;

            auth_basic "Protected Elasticsearch";
            auth_basic_user_file /etc/nginx/htpasswd.users;

        }


         location ~ ^/(app/kibana#/dashboard|app/kibana/dashboard|app/kibana#/dashboard*) {
         
            #proxy_http_version 1.1;
            #proxy_set_header Upgrade $http_upgrade;
            #proxy_set_header Connection 'upgrade';
            #proxy_set_header Host $host;
            #proxy_cache_bypass $http_upgrade;

             auth_basic "Protected admin";
             auth_basic_user_file /etc/nginx/htpasswd.admin;

                                        }

}

Habitual · 01-25-2017, 05:43 PM

I don't think you can protect valid JSON using basic_auth, or any other _auth. It's JSON and it's valid.
There's xpack that provides the "shield" and allows management of users and other resources.
Currently serving version 5.1.2 via repo.
kibana version?
Securing Elasticsearch and Kibana may help.

Hope that helps.

cbtshare · 01-25-2017, 07:53 PM

Quote:

Originally Posted by Habitual

I don't think you can protect valid JSON using basic_auth, or any other _auth. It's JSON and it's valid.
There's xpack that provides the "shield" and allows management of users and other resources.
Currently serving version 5.1.2 via repo.
kibana version?
Securing Elasticsearch and Kibana may help.

Hope that helps.

Thank you very much for your assistance.I had researched and found xpack, but my company wants the solution to be free.is there any other authentication method which would work in this scenario?

Habitual · 01-26-2017, 06:54 AM

Quote:

Originally Posted by cbtshare

Thank you very much for your assistance.I had researched and found xpack, but my company wants the solution to be free.is there any other authentication method which would work in this scenario?

No.
Shield, I guess is their an$wer to Security.
The guts of security are in the API, just not exposed in the Dashboard.

If I couldn't afford xpack, I'd do it on a month-by-month basis for an "extended trial".
I need to be able to dump to .pdf and only (so far) xpack can do that.
Great Product IMO, even without xpack.

I don't expose my Kibana to anyone, as there is no control.
My boss wants to help a client "examine" some data, Great. they get a new kibana machine because this one is for
INTERNAL USE ONLY.

cbtshare · 01-26-2017, 08:43 AM

thank you!!

Habitual · 01-26-2017, 10:29 AM

You are welcome!