gpt4 book ai didi

nginx - Kibana 4,Logstash 仪表板 : how do I require Nginx authentication when saving but allow anonymous views?

转载 作者:行者123 更新时间:2023-12-02 04:47:55 27 4
gpt4 key购买 nike

我想要求 auth_basic nginx 身份验证来保存所有 kibana 4 仪表板,但允许任何人在没有身份验证的情况下查看仪表板。

我最近使用 DigitalOcean 在 Ubuntu 14.04 上安装了 ELK(Elasticsearch 1.4.5、Logstash 1:1.5.2-1 和 Kibana 4.1.1)堆栈 tutorial .

因为 kibana 使用基于浏览器的 javascript 向 elasticsearch 发送查询,所以我不确定如何确定要保护的内容。

DigitalOcean 提供了一个 nginx 配置来完全安全地访问 kibana 4。

FILE:/etc/nginx/sites-available/default
server {
listen 80;
return 301 https://logstash.nyc.3top.com;
}
server {
listen 443;

ssl on;
ssl_certificate /etc/nginx/ssl/server.crt;
ssl_certificate_key /etc/nginx/ssl/server.key;

server_name logstash.example.com;
access_log /var/log/nginx/kibana.access.log;

auth_basic "Restricted Access";
auth_basic_user_file /etc/nginx/htpasswd.users;

location / {
proxy_pass http://localhost:5601;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}

Elastic 提供了一个 nginx sample config要为 Kibana 3 而不是 Kibana 4 完成此操作:

server {
listen *:80 ;

server_name kibana.myhost.org;
access_log /var/log/nginx/kibana.myhost.org.access.log;

location / {
root /usr/share/kibana3;
index index.html index.htm;
}

location ~ ^/_aliases$ {
proxy_pass http://127.0.0.1:9200;
proxy_read_timeout 90;
}
location ~ ^/.*/_aliases$ {
proxy_pass http://127.0.0.1:9200;
proxy_read_timeout 90;
}
location ~ ^/_nodes$ {
proxy_pass http://127.0.0.1:9200;
proxy_read_timeout 90;
}
location ~ ^/.*/_search$ {
proxy_pass http://127.0.0.1:9200;
proxy_read_timeout 90;
}
location ~ ^/.*/_mapping {
proxy_pass http://127.0.0.1:9200;
proxy_read_timeout 90;
}

# Password protected end points
location ~ ^/kibana-int/dashboard/.*$ {
proxy_pass http://127.0.0.1:9200;
proxy_read_timeout 90;
limit_except GET {
proxy_pass http://127.0.0.1:9200;
auth_basic "Restricted";
auth_basic_user_file /etc/nginx/conf.d/kibana.myhost.org.htpasswd;
}
}
location ~ ^/kibana-int/temp.*$ {
proxy_pass http://127.0.0.1:9200;
proxy_read_timeout 90;
limit_except GET {
proxy_pass http://127.0.0.1:9200;
auth_basic "Restricted";
auth_basic_user_file /etc/nginx/conf.d/kibana.myhost.org.htpasswd;
}
}
}

有人知道如何为 Kibana 4 执行此操作吗?

这是我的 elasticsearch 和 kibana 配置文件:

/etc/elasticsearch/elasticsearch.yml

network.host: localhost

/opt/kibana/config/kibana.yml

port: 5601
host: "localhost"
elasticsearch_url: "http://localhost:9200"
elasticsearch_preserve_host: true
kibana_index: ".kibana"
default_app_id: "discover"
request_timeout: 300000
shard_timeout: 0
verify_ssl: true
bundled_plugin_ids:
- plugins/dashboard/index
- plugins/discover/index
- plugins/doc/index
- plugins/kibana/index
- plugins/markdown_vis/index
- plugins/metric_vis/index
- plugins/settings/index
- plugins/table_vis/index
- plugins/vis_types/index
- plugins/visualize/index

最佳答案

您可能需要利用 nginx 的条件功能来实现这一点。 This gist可能是一个很好的起点。让我知道这是否适合您。

关于nginx - Kibana 4,Logstash 仪表板 : how do I require Nginx authentication when saving but allow anonymous views?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/31389645/

27 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com