Thank you for you reply.
The purpose of putting a proxy in front of Kibana is I already have my authentication service.
It is used to by-pass the authentication because I’m not using Enterprise License (It is in review stage to buy the license).
When user access a known URL, ex logging.mycompany.com (Apache), it will redirect to authentication service URL.
After the user logged in the authentication URL will redirect to logging.mycompany.com with the user information such as User ID, First Name, Last Name or etc.
Before this step, I configured the user name, role and permission in Search Guard.
So, for your questions.
- Is it to load balance between the Kibana instances?
Actually, the Kibana instances are behind AWS Load Balancer and Routes 53 but there is the network connectivity design. I cannot point the DNSs directly just works only on IP. The Apache server is on-premise infrastructure. - Is it to authenticate users and then load balance between the Kibana instances?
Yes.
It is great if I don’t need to add authentication headers. I prefer this solution. Please suggest and correct the configuration.
For the Kibana configuration, elasticsearch.hosts is my ES data cluster and xpack.monitoring.elasticsearch.hosts is my monitoring ES data cluster. So, I can view the log data (Discover) and the monitor data (Monitoring tab).
For the three auth domains, I think I only need Basic Auth and Proxy Auth for my requirements.