Kibana asking for credentials - elasticsearch

I set up a Kibana server that is accesing an External ElasticServer Datasource. Nignx is on top, and I access Kibana through it.
On the initial config, I set up the credentials of Kibana using:
sudo htpasswd -c /etc/nginx/htpasswd.users kibanaadmin
Then I was able to access the Kibana Web Console, and see it running. However, the external elasticServer was not configured, so I edited the kibana.yml file to point that external ElasticServer.
elasticsearch.url: "https://bluemix-sandbox-dal-9-portal0.dblayer.com:18671/"
elasticsearch.username: "admin"
elasticsearch.password: "mypass"
When I restarted Kibana, it was able to connect to the elasticsearch server, and in fact it seems that it wrote an entry on the index there.
However, now I am asked for some credentials to get connected to the Kibana Web interface. They are not the kibanaadmin I set up previously, or the ones on elasticsearch database. Which credentials should i use?

Are you sure you're not running Kibana from the wrong ES instance and both Kibana and Nginx are running on the same server. Haven't tried it out personally but then the below links could be handy.
Enabling Kibana Authentication with Nginx
Securing Elasticsearch, Kibana with nginx
Git- Kibana with Nginx Reverse Proxy

Related

Can't access Kibana in browser (ELK 8.2)

I'm trying to set up an ELK stack on a remote Oracle Cloud server, but I can't access kibana from a browser. Installation using deb package. The version of elasticsearch and kibana I'm installing is 8.2 (in this version, security settings are already enabled by default, including settings and generation of security certificates) - the latest version for now. I perform the installation according to the instructions from the official site, but nothing is said there about the remote access settings.
I tried to change the settings in the kibana.yaml file, uncommented the "server.port: 5601" field and edited server.host: "my ip" (I also tried server.host: "0.0.0.0"), but this does not help .
I also tried to access from the network directly to elasticsearch. I edited its configuration in a similar way, but it did not help. In my case, access to elasticsearch from the network is not essential, but I would also like to get it.
I know that Oracle servers by default have restrictions on the forwarded traffic, so I unblocked the elastic and kibana ports (9200 and 5601) in the Oracle control panel.
I also allowed ports 9200 and 5601 through ipitables. The UFW firewall is by default in the "inactive" status. When checked through nmap, both ports return a "filtered" status.
Please help fix the issue. I'm just doing a standard installation according to the instructions and I don't understand what the problem is.
I solved the problem by setting up a reverse proxy nginx so that it redirects requests coming to the server to localhost:5601. These two articles helped me, I hope it helps someone else:
https://www.digitalocean.com/community/tutorials/how-to-install-nginx-on-ubuntu-20-04
https://www.digitalocean.com/community/tutorials/how-to-install-elasticsearch-logstash-and-kibana-elastic-stack-on-ubuntu-20-04-ru (step 2)

How to expose my Elastic Search server to the internet?

I've done installed my ElasticSearch (ES) Server on a VPS Centos. I did test the ES inside the Server and it response correctly.
My next step, is to allow my website which is host on a different web host to access and index its data content into my ES server.
My question is, what is the recommended way of exposed the ES to the internet, so my website can access to it to perform index and search? Is there's authentication method that I need to install ?
You need to include network.host:0.0.0.0 in your elasticsearch.yml file so that it listens on the non-loopback address and after that, if your app-server and ES are both in the same VPC, app-server will be able to connect to ES(provided if you exposed 9200 port in security group(in case of AWS).
And hopefully, your app-server port is exposed to the internet which internally connects to ES, you should not expose 9200 port of ES or Elasticsearch to the internet.
If you want an extra layer of security, you can enable x-pack basic which is included in the free tier and can be enabled using xpack.security.enabled: true in elasticsearch.config.
Refer x-pack features and configuration for more info.

How to Access ElasticSearch From Server?

I am using elastic search in my ubuntu16.04 server. When i am trying to access elasticsearch from browser by using url ip:port/_cat/indices?v. I am getting site can't be reached. After that i am change the network.host value to network.host: 0.0.0.0. After change the network.host ip the search engine not started. How can i access the elasticsearch in my browser.I changed the port also.
Thank you..
There can be many reasons for ES not being reachable. I would start with the obvious and make sure that:
ES is listening on the port: on the ES instance when you run 'curl
ip:port' you should get an answer. if not the service didn't start
well.
make sure there are no firewall rules/security groups that prevent
access from remote network.
make sure network.publish_host is configure correctly:
https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-network.html#advanced-network-settings
more info here: ElasticSearch instance not reachable from outside the server - Azure Windows 2012

Kibana unable to connect to Elasticsearch

I am having trouble getting Kibana to connect to elasticsearch. The error I get is below;
plugin:elasticsearch#5.6.1 Request Timeout after 3000ms
Elasticsearch has been deployed via kubernetes and runs as a service called monitoring-es with a cluster IP of 100.63.124.194.
In my Kibana.yml file I have set the elasticsearch url as;
elasticsearch.url: "http://100.63.124.194:9200"
However I still get the same error. Is this the correct value or is there something I am missing?
Thanks

How to allow requests to elasticsearch only from a list of ips/domains

I read the docs, but I couldn't make it work.
I have a server that holds elasticsearch and external ones that query it. Until now I can access the elasticsearch from any ip.
Example:
the public ip:port of elasticsearchserver: 123.123.123.123:9200
I have the domains: anothersocialnetwork.com and anothersocialnetwork2.com
and I want only them and localhost to be able to query the elasticsearch server.
Thank you alot
There are multiple way to achieve this. The one i would like to advice is as follows -
Run Elasticsearch in localhost interface by network.host as localhost in elasticsearch.yml file.
Now only applications in localhost can access the application
Place a proxy like nginx or apache and this proxy would be able to access elasticsearch. Now whitelist the IP's you want to access Elasticsearch in the proxy.
Also you can take a look at Elasticsearch jetty plugin. It has some security configurations along with it. But i am not sure if its actively developed.
Also on security Elasticsearch , i would recommend to go through this blog.

Resources