49
详解:Nginx反代实现Kibana登录认证功能
source link: https://www.linuxprobe.com/nginx-proxy-kibana.html
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
Kibana 5.5 版后,已不支持认证功能,也就是说,直接打开页面就能管理,想想都不安全,不过官方提供了 X-Pack 认证,但有时间限制。毕竟X-Pack是商业版。
下面我将操作如何使用Nginx反向代理实现kibana的认证功能。
安装Apache Httpd 密码生成工具
$ yum install httpd-tools -y
生成Kibana认证密码
$ mkdir -p /usr/local/nginx/conf/passwd $ htpasswd -c -b /usr/local/nginx/conf/passwd/kibana.passwd Userrenwolecom GN5SKorJ Adding password for user Userrenwolecom
配置Nginx反向代理
在Nginx配置文件中添加如下内容(或新建配置文件包含):
$ vim /usr/local/nginx/conf/nginx.conf
server {
listen 10.28.204.65:5601;
auth_basic "Restricted Access";
auth_basic_user_file /usr/local/nginx/conf/passwd/kibana.passwd;
location / {
proxy_pass http://10.28.204.65:5601;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
配置Kibana
取消下面注释:
$ vim /usr/local/kibana/config/kibana.yml server.host: "10.28.204.65"
重启 Kibana 及 Nginx 服务使配置生效
$ systemctl restart kibana.service $ systemctl restart nginx.service
接下来浏览器访问 http://103.28.204.65:5601/ 会提示验证弹窗,输入以上生成的用户密码登录即可。
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK