Nginx – Configure Nginx, Kibana, Elasticsearch

elasticsearchkibananginx

My setup

Nginx + Kibana – same box different domain, sub-domain (nginx – example.com, kibana – kibana.example.com)

Elasticsearch – 192.168.100.31

I have used the config defined below. Replaced 127.0.0.1 with Elasticsearch ip 192.168.100.31

https://github.com/elasticsearch/kibana/blob/master/sample/nginx.conf

This setup works within local network. But fails when connecting externally with error message on browser "Error Could not contact Elasticsearch at http://192.168.100.31:9200. Please ensure that Elasticsearch is reachable from your system.".

Kibana config.js points to ip and port 9200 – 

  elasticsearch: "http://192.168.100.31:9200",

Note: Changing this port to match port defined in nginx config 8433 makes it stop functioning.

nginx config

server {
    listen          8443 ssl;
    server_name     kibana.example.com;

    access_log  /var/logs/nginx/kibana.access.log main;
    error_log   /var/logs/nginx/kibana.error.log;

    auth_basic "Authorized users";
    auth_basic_user_file /file/location/kibana.htpasswd;

    location / {
        root  /usr/local/kibana-3.1.0;
        index  index.html  index.htm;            
    }       

    location ~ ^/_aliases$ {
        proxy_pass http://192.168.100.31:9200;
        proxy_read_timeout 90;
    }
    location ~ ^/.*/_aliases$ {
        proxy_pass http://192.168.100.31:9200;
        proxy_read_timeout 90;
    }
    location ~ ^/_nodes$ {
        proxy_pass http://192.168.100.31:9200;
        proxy_read_timeout 90;
    }
    location ~ ^/.*/_search$ {
        proxy_pass http://192.168.100.31:9200;
        proxy_read_timeout 90;
    }
    location ~ ^/.*/_mapping {
        proxy_pass http://192.168.100.31:9200;
        proxy_read_timeout 90;
    }

    # Password protected end points
    location ~ ^/kibana-int/dashboard/.*$ {
        proxy_pass http://192.168.100.31:9200;
        proxy_read_timeout 90;
        limit_except GET {
          proxy_pass http://192.168.100.31:9200;
          # auth_basic "Restricted";
          # auth_basic_user_file /file/location/kibana.htpasswd;
        }
    }
    location ~ ^/kibana-int/temp.*$ {
        proxy_pass http://192.168.100.31:9200;
        proxy_read_timeout 90;
        limit_except GET {
            proxy_pass http://192.168.100.31:9200;
            # auth_basic "Restricted";
            # auth_basic_user_file /file/location/kibana.htpasswd;
        }
    }
}

Feels there has to be some proxy setting between nginx and elasticsearch to prevent local ip displayed on browser. Can someone show how to get this configured.

Best Answer

Found solution, had to set PROXY in nginx and of course set FQDN matching in Kibana's configs.js

Related Topic