I have developed a system for monitoring social media traffic on Twitter, Telegram, etc., using Elasticsearch as the foundation. I made the code public a couple of weeks ago: Installing Netwar System.
I found the Search Guard security model to be very challenging - it looks great for enterprise architects who have an authentication platform they need to support, but for a small-team-oriented project, it’s a maze. Yesterday I wrote Installing Search Guard, which I hope makes the demo install a bit more digestible to someone with a Unix admin background.
The next steps as far as articles with this should probably be:
1. Set up some users as my specific use case requires.
2. Walk through using a self-signed Certificate Authority behind Cloudflare CDN.
3. Show how to get proxy access working for dashboard embedding.
I’m comfortable with #1 and #2, already have that in operation, but #3 has me a bit puzzled. There is no need to provide access to Elasticsearch itself, I just want to make Kibana available in iframes. Our layout is as follows:
- Cloudflare CDN responsible for our domain, terminates SSL for us, self-signed certs are fine.
- Apache reverse proxy, used for user/pass authentication when we had plain ELK setup, still present, just transparently shifting 80/443 to 5601 on Kibana machine.
- Kibana machine is an eight core/eight gig VPS, all it does is Kibana.
- Elasticsearch port 9200 arrives on the Kibana machine via an ssh tunnel. Getting my fancy back end equipment into my fancy datacenter would add another zero to monthly costs, which is not going to happen.
I’ve been looking at the Google Group, at posts like this one, and it seems like it should be simple, but I’d feel a lot better if there were a GitHub repo that contained a commented Kibana.yml and a companion config file for the proxy.
I’m not married to Apache2 in this role, someone else set it up; an nginx config with a companion kibana.yml would be great.
The Apache proxy is there because it was doing htpasswd stuff, I could quarter the proxy service on the machine running Kibana, or directly connect Kibana to the CDN if that would be smoother.
So … who has an example config they can share?