Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Connecting to remote elasticsearch with https auth #1361

Closed
icalvete opened this issue Jul 13, 2014 · 2 comments
Closed

Connecting to remote elasticsearch with https auth #1361

icalvete opened this issue Jul 13, 2014 · 2 comments

Comments

@icalvete
Copy link

I'm trying to connect a kibana to a remote elasticsearch protected with https + basic auth.

The conf of apache for elasticsearch vhost is like this...

  ServerName elasticsearch.xxxxxxxxxxxxx.xxx
  DocumentRoot "/srv/elasticsearch/"

  Header set Access-Control-Allow-Origin "*"
  Header set Access-Control-Allow-Methods "GET,POST,HEAD,DELETE,PUT,OPTIONS"

  ProxyRequests Off
  ProxyPass / http://localhost:9200/
  ProxyPassReverse / https://localhost:9200/

  <Location />
    AuthType Basic
    AuthName "Restricted Files"
    AuthBasicProvider file
    AuthUserFile /etc/apache2/htpasswd
    Require user kibana
  </Location>

I have kibana protected with the same way.

my kibana config is...

elasticsearch: {server: "elasticsearch.xxxxxxxxxxxxx.xxx"},

I have this error:..

Error Could not contact Elasticsearch at https://elasticsearch.xxxxxxxxxxxxx.xxx. Please ensure that Elasticsearch is reachable from your system.

In javascript console I can see...

XMLHttpRequest cannot load https://elasticsearch.xxxxxxxxxxxxx.xxx/_nodes. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://kibana.xxxxxxxxxxxxx.xxx' is therefore not allowed access.

But I have already setted up this headers...

headers

Any idea?

Thanks.
@stha
Copy link

stha commented Jul 13, 2014

Try to use:

elasticsearch: {server: "elasticsearch.xxxxxxxxxxxxx.xxx", withCredentials: true},

On the Server you will probably have to add the header

Access-Control-Allow-Credentials: true

and specify a proper domain in the Access-Control-Allow-Origin-Header (Not the '*', as the browser will throw you another error).

Otherwise you should take a look at #1316.

@icalvete
Copy link
Author

Thank b00nb0b,

Your suggestion almost work for me.

I only have had that add the one more header to the elasticsearch virtual host in the apache config.

The header has been Access-Control-Allow-Credentials with value true.

So at the end my config looks like this:

Apache elasticsearch Virtual Host:

  ServerName elasticsearch.xxxxxxxxxxxxx.xxx
  DocumentRoot "/srv/elasticsearch/"

  Header set Access-Control-Allow-Origin "*"
  Header set Access-Control-Allow-Methods "GET,POST,HEAD,DELETE,PUT,OPTIONS"
  Header set Access-Control-Allow-Credentials true

  ProxyRequests Off
  ProxyPass / http://localhost:9200/
  ProxyPassReverse / https://localhost:9200/

  <Location />
    AuthType Basic
    AuthName "Restricted Files"
    AuthBasicProvider file
    AuthUserFile /etc/apache2/htpasswd
    Require user kibana
  </Location>

Kibana config.js:

elasticsearch: {server: "https://elasticsearch.xxxxxxxxxxxxx.xxx", withCredentials: true},

This was referenced Jan 17, 2022
Open
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@icalvete @stha