Configure Kibana 4 with Nginx | Securing Kibana 4 – CentOS 7

1
Kibana Logo
Kibana

In this tutorial we will be looking how to configure kibana 4 with Nginx. On version 4, kibana can be started as a standalone service instead of configuring Nginx to serve kibana installation.

There are two advantages when we configure Kibana 4 with Nginx,

1. Kibana 4 normally listens on port 5601 and it is accessible through http:ip-add-ress:5601. With Nginx, we can make kibana portal available on port 80 or 443; here we will configure Nginx with SSL for kibana to secure the communication between kibana and end user browser.

2. Kibana does not comes with any kind of password protected access to portal. With Nginx, we can configure in such a way that the user should fulfill authentication mechanism before entering to portal.

Install Nginx:

To install Nginx using yum we need to include the Nginx repository, install the Nginx repository.

# rpm -Uvh http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm

Install the Nginx by issuing the following command.

# yum -y install nginx httpd-tools

Create a password file for basic authentication of http users, this is to enable the password protected access to kibana portal. Replace “raj” with your own user name.

# htpasswd -c /etc/nginx/conf.d/kibana.htpasswd raj

Configure Nginx:

Create a confiiguration file with the name kibana4.conf in /etc/nginx/conf.d directory.

# vi /etc/nginx/conf.d/kibana4.conf

Place the following content to the kibana4.conf file, assuming that both kibana and Nginx are installed on same server.

server {
listen      80;
server_name kibana.itzgeek.local;   ## Replace with your domain name
return 301 https://$server_name$request_uri;
}

server {
listen                *:443 ;
ssl on;
ssl_certificate /etc/pki/tls/certs/logstash-forwarder.crt;  ## Replace with your own certificate
ssl_certificate_key /etc/pki/tls/private/logstash-forwarder.key;  ## Replace with your own key
server_name           kibana.itzgeek.local; ## Replace with your domain name
access_log            /var/log/nginx/kibana.access.log;
error_log  /var/log/nginx/kibana.error.log;

location / {
auth_basic "Restricted";
auth_basic_user_file /etc/nginx/conf.d/kibana.htpasswd;
proxy_pass http://kibana.itzgeek.local:5601; ## Replace with your kibana instance
}
}

Restart the Nginx service.

# systemctl restart nginx.service

Configure SELinux;

I used to get a below errors in Nginx logs, SELinux is the one of the reason.

2015/04/09 15:01:20 [crit] 1190#0: *3 connect() to 127.0.0.1:5601 failed (13: Permission denied) while connecting to upstream

We can use the following command to generate the policy rules  that would allow Nginx to connect upstream server.

# grep nginx /var/log/audit/audit.log | audit2allow -M nginx
# semodule -i nginx.pp

Access Kibana:

Now access kibana portal with FQDN (http://kibana.itzgeek.local), you will be redirected to secure version of FQDN; you may asked to trust the secure connection incase if you have used self signed certificate. Once you redirected https version of website, you would be asked to enter the user name and password that you have created earlier.

Or you can use ipaddress instead of FQDN.

https://your-ip-address

 

Configure Kibana 4 with Nginx
Configure Kibana 4 with Nginx

That’s All!, you have successfully configured Kibana with Nginx.

You might also like