How to protect Kibana only with SearchGuard ?

Hi all,

I have installed Elasticsearch + Logstash + Kibana (all 6.2.1). All running on their own dedicated servers. I’d like to add authentication + https to KIbana only so people using their accounts can login to Kibana over https but don’t (fow now) need any TLS between Kibana/Logstash/Elasticsearch.
Can I do that somehow ?

Why don’t you need TLS between Kibana and Elasticsearch? You can do that, but your complete traffic would be unencrypted, and it’s pretty easy to set up. But here you go:

For Kibana using HTTPS, follow the official Elastic instructions for that: https://www.elastic.co/guide/en/kibana/current/production.html#enabling-ssl

To disable TLS on the REST layer in Search Guard, set:

searchguard.ssl.http.enabled: false

in elasticsearch.yml.

Then on Kibana side, just configure the the Elasticsearch URL to use HTTP:

elasticsearch.url: “http://elastic.example.com:9200

···

On Monday, February 26, 2018 at 8:13:11 PM UTC+1, P wrote:

Hi all,

I have installed Elasticsearch + Logstash + Kibana (all 6.2.1). All running on their own dedicated servers. I’d like to add authentication + https to KIbana only so people using their accounts can login to Kibana over https but don’t (fow now) need any TLS between Kibana/Logstash/Elasticsearch.
Can I do that somehow ?

Oh, maybe I got you wrong. If the question is if you can protect Kibana without installing Search Guard on Elasticsearch, the answer is no, that is not possible and would not make much sense either.

···

On Monday, February 26, 2018 at 8:28:08 PM UTC+1, Jochen Kressin wrote:

Why don’t you need TLS between Kibana and Elasticsearch? You can do that, but your complete traffic would be unencrypted, and it’s pretty easy to set up. But here you go:

For Kibana using HTTPS, follow the official Elastic instructions for that: https://www.elastic.co/guide/en/kibana/current/production.html#enabling-ssl

To disable TLS on the REST layer in Search Guard, set:

searchguard.ssl.http.enabled: false

in elasticsearch.yml.

Then on Kibana side, just configure the the Elasticsearch URL to use HTTP:

elasticsearch.url: “http://elastic.example.com:9200

On Monday, February 26, 2018 at 8:13:11 PM UTC+1, P wrote:

Hi all,

I have installed Elasticsearch + Logstash + Kibana (all 6.2.1). All running on their own dedicated servers. I’d like to add authentication + https to KIbana only so people using their accounts can login to Kibana over https but don’t (fow now) need any TLS between Kibana/Logstash/Elasticsearch.
Can I do that somehow ?

Well,
it looks like my configuration with SG doesn’t work and I just wanted to have the simplest possible config running.

···

On Monday, February 26, 2018 at 7:34:07 PM UTC, Jochen Kressin wrote:

Oh, maybe I got you wrong. If the question is if you can protect Kibana without installing Search Guard on Elasticsearch, the answer is no, that is not possible and would not make much sense either.

On Monday, February 26, 2018 at 8:28:08 PM UTC+1, Jochen Kressin wrote:

Why don’t you need TLS between Kibana and Elasticsearch? You can do that, but your complete traffic would be unencrypted, and it’s pretty easy to set up. But here you go:

For Kibana using HTTPS, follow the official Elastic instructions for that: https://www.elastic.co/guide/en/kibana/current/production.html#enabling-ssl

To disable TLS on the REST layer in Search Guard, set:

searchguard.ssl.http.enabled: false

in elasticsearch.yml.

Then on Kibana side, just configure the the Elasticsearch URL to use HTTP:

elasticsearch.url: “http://elastic.example.com:9200

On Monday, February 26, 2018 at 8:13:11 PM UTC+1, P wrote:

Hi all,

I have installed Elasticsearch + Logstash + Kibana (all 6.2.1). All running on their own dedicated servers. I’d like to add authentication + https to KIbana only so people using their accounts can login to Kibana over https but don’t (fow now) need any TLS between Kibana/Logstash/Elasticsearch.
Can I do that somehow ?