LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)
-   -   password authentication for URL (https://www.linuxquestions.org/questions/linux-newbie-8/password-authentication-for-url-4175598251/)

cbtshare 01-25-2017 04:48 PM
password authentication for URL
 
Hello all,

I want to setup password authentication for multiple ULR access using nginx.
My config is below, my issue is that it works for the main site but not the URL links, the application I want to restrict access to is Kibana.

It works when I enter the site http://staging-elkstack2 but my issue is this url I want to protect
Code:
http://staging-k2/app/kibana#/dashboard?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-15m,mode:quick,to:now))
OR
http://staging-k2/app/kibana#/dashboarD
Anyone has any idea how to do this?



Code:
server {
        listen 80;
        server_name  staging-k2 ;

     
        location / {
         
            proxy_pass http://staging-k2:5602;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection 'upgrade';
            proxy_set_header Host $host;
            proxy_cache_bypass $http_upgrade;

            auth_basic "Protected Elasticsearch";
            auth_basic_user_file /etc/nginx/htpasswd.users;

        }


        location ~ ^/(app/kibana#/dashboard|app/kibana/dashboard|app/kibana#/dashboard*) {
       
            #proxy_http_version 1.1;
            #proxy_set_header Upgrade $http_upgrade;
            #proxy_set_header Connection 'upgrade';
            #proxy_set_header Host $host;
            #proxy_cache_bypass $http_upgrade;

            auth_basic "Protected admin";
            auth_basic_user_file /etc/nginx/htpasswd.admin;

                                        }

}

Habitual 01-25-2017 05:43 PM
I don't think you can protect valid JSON using basic_auth, or any other _auth. It's JSON and it's valid.
There's xpack that provides the "shield" and allows management of users and other resources.
Currently serving version 5.1.2 via repo.
kibana version?
Securing Elasticsearch and Kibana may help.

Hope that helps.

cbtshare 01-25-2017 07:53 PM
Quote:
Originally Posted by Habitual (Post 5660206)
I don't think you can protect valid JSON using basic_auth, or any other _auth. It's JSON and it's valid.
There's xpack that provides the "shield" and allows management of users and other resources.
Currently serving version 5.1.2 via repo.
kibana version?
Securing Elasticsearch and Kibana may help.

Hope that helps.
Thank you very much for your assistance.I had researched and found xpack, but my company wants the solution to be free.is there any other authentication method which would work in this scenario?

Habitual 01-26-2017 06:54 AM
Quote:
Originally Posted by cbtshare (Post 5660264)
Thank you very much for your assistance.I had researched and found xpack, but my company wants the solution to be free.is there any other authentication method which would work in this scenario?
No.
Shield, I guess is their an$wer to Security.
The guts of security are in the API, just not exposed in the Dashboard.

If I couldn't afford xpack, I'd do it on a month-by-month basis for an "extended trial".
I need to be able to dump to .pdf and only (so far) xpack can do that.
Great Product IMO, even without xpack.

I don't expose my Kibana to anyone, as there is no control.
My boss wants to help a client "examine" some data, Great. they get a new kibana machine because this one is for
INTERNAL USE ONLY.

cbtshare 01-26-2017 08:43 AM
thank you!!

Habitual 01-26-2017 10:29 AM
You are welcome!


All times are GMT -5. The time now is 10:11 PM.