LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 01-25-2017, 05:48 PM   #1
cbtshare
Member
 
Registered: Jul 2009
Posts: 641

Rep: Reputation: 42
password authentication for URL


Hello all,

I want to setup password authentication for multiple ULR access using nginx.
My config is below, my issue is that it works for the main site but not the URL links, the application I want to restrict access to is Kibana.

It works when I enter the site http://staging-elkstack2 but my issue is this url I want to protect
Code:
http://staging-k2/app/kibana#/dashboard?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-15m,mode:quick,to:now))
OR
http://staging-k2/app/kibana#/dashboarD
Anyone has any idea how to do this?



Code:
 server {
        listen 80;
        server_name  staging-k2 ;

       
        location / {
          
            proxy_pass http://staging-k2:5602;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection 'upgrade';
            proxy_set_header Host $host;
            proxy_cache_bypass $http_upgrade;

            auth_basic "Protected Elasticsearch";
            auth_basic_user_file /etc/nginx/htpasswd.users;

        }


         location ~ ^/(app/kibana#/dashboard|app/kibana/dashboard|app/kibana#/dashboard*) {
         
            #proxy_http_version 1.1;
            #proxy_set_header Upgrade $http_upgrade;
            #proxy_set_header Connection 'upgrade';
            #proxy_set_header Host $host;
            #proxy_cache_bypass $http_upgrade;

             auth_basic "Protected admin";
             auth_basic_user_file /etc/nginx/htpasswd.admin;

                                        }

}
 
Old 01-25-2017, 06:43 PM   #2
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Yawnstown, Ohio
Distribution: Mojave
Posts: 9,374
Blog Entries: 37

Rep: Reputation: Disabled
I don't think you can protect valid JSON using basic_auth, or any other _auth. It's JSON and it's valid.
There's xpack that provides the "shield" and allows management of users and other resources.
Currently serving version 5.1.2 via repo.
kibana version?
Securing Elasticsearch and Kibana may help.

Hope that helps.
 
Old 01-25-2017, 08:53 PM   #3
cbtshare
Member
 
Registered: Jul 2009
Posts: 641

Original Poster
Rep: Reputation: 42
Quote:
Originally Posted by Habitual View Post
I don't think you can protect valid JSON using basic_auth, or any other _auth. It's JSON and it's valid.
There's xpack that provides the "shield" and allows management of users and other resources.
Currently serving version 5.1.2 via repo.
kibana version?
Securing Elasticsearch and Kibana may help.

Hope that helps.
Thank you very much for your assistance.I had researched and found xpack, but my company wants the solution to be free.is there any other authentication method which would work in this scenario?
 
Old 01-26-2017, 07:54 AM   #4
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Yawnstown, Ohio
Distribution: Mojave
Posts: 9,374
Blog Entries: 37

Rep: Reputation: Disabled
Quote:
Originally Posted by cbtshare View Post
Thank you very much for your assistance.I had researched and found xpack, but my company wants the solution to be free.is there any other authentication method which would work in this scenario?
No.
Shield, I guess is their an$wer to Security.
The guts of security are in the API, just not exposed in the Dashboard.

If I couldn't afford xpack, I'd do it on a month-by-month basis for an "extended trial".
I need to be able to dump to .pdf and only (so far) xpack can do that.
Great Product IMO, even without xpack.

I don't expose my Kibana to anyone, as there is no control.
My boss wants to help a client "examine" some data, Great. they get a new kibana machine because this one is for
INTERNAL USE ONLY.
 
1 members found this post helpful.
Old 01-26-2017, 09:43 AM   #5
cbtshare
Member
 
Registered: Jul 2009
Posts: 641

Original Poster
Rep: Reputation: 42
thank you!!
 
Old 01-26-2017, 11:29 AM   #6
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Yawnstown, Ohio
Distribution: Mojave
Posts: 9,374
Blog Entries: 37

Rep: Reputation: Disabled
You are welcome!
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Can't login as root - Debian 8.5 - authentication failed. remaining authentication methods 'publickey password' LnxRider Debian 11 07-31-2016 12:06 AM
How do i set up generic authentication for an URL rbala14 Linux - Security 1 03-28-2012 05:44 AM
[SOLVED] Is ssh keys authentication more secure than password authentication? GrepAwkSed Linux - Security 6 03-17-2012 09:25 PM
configure ssh authentication using password file and sftp/scp authentication using ld cameliab Linux - Software 1 08-29-2011 04:28 AM
LDAP Authentication - url ansrewdps Linux - Newbie 5 07-07-2011 09:39 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 06:58 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration