Add Proxy and Basic Security to Kibana
2022-02-21
If you have multiple or older versions of Kibana, or if you haven’t configured TLS and authentication, anyone can directly access Kibana. Using the INFINI Gateway, you can quickly fix this issue.
Use HTTP Filter to Forward Requests #
- http:
schema: "http" #https or http
host: "192.168.3.188:5602"
Add Authentication #
- basic_auth:
valid_users:
medcl: passwd
Replace Static Resources in the Router #
- method:
- GET
pattern:
- "/plugins/kibanaReact/assets/illustration_integrations_lightmode.svg"
flow:
- replace_logo_flow
Enable TLS #
- name: my_es_entry
enabled: true
router: my_router
max_concurrency: 10000
network:
binding: 0.0.0.0:8000
tls:
enabled: true
Complete Configuration #
entry:
- name: my_es_entry
enabled: true
router: my_router
max_concurrency: 10000
network:
binding: 0.0.0.0:8000
skip_occupied_port: true
tls:
enabled: true
flow:
- name: logout_flow
filter:
- set_response:
status: 401
body: "Success logout!"
- drop:
- name: replace_logo_flow
filter:
- redirect:
uri: https://elasticsearch.cn/uploads/event/20211120/458c74ca3169260dbb2308dd06ef930a.png
- name: default_flow
filter:
- basic_auth:
valid_users:
medcl: passwd
- http:
schema: "http" #https or http
host: "192.168.3.188:5602"
router:
- name: my_router
default_flow: default_flow
rules:
- method:
- GET
- POST
pattern:
- "/_logout"
flow:
- logout_flow
- method:
- GET
pattern:
- "/plugins/kibanaReact/assets/illustration_integrations_lightmode.svg"
flow:
- replace_logo_flow
Result #
When accessing Kibana through the gateway, login is required:
After logging in, you can see that the resources inside Kibana are replaced:
Conclusion #
Through the INFINI Gateway, there are more possibilities to explore. For example, you can replace the logo inside Kibana, replace JavaScript and CSS files, and dynamically add navigation, pages, visualizations, and more using JavaScript and CSS combinations.
Medcl
Pursuing Excellence, Infinite Possibilities!
热门文章