I am running a very basic Elastic and Kibana stack (latest 5.4.2 version). Both run on the default address, localhost:9200 and localhost:5601. This is on a dedicated Debian server.
We also have nginx installed, which is set up as a reverse proxy. So metrics.myproject.com (example) actually loads localhost:5601.
I have successfully installed the readonlyrest ES (free) plugin, with matching version. When Elastic starts, I can see in its log that the plugin and rule blocks are loaded. What I have as rules are from the doc sample:
    - name: "Block 1 - Allowing anything from localhost"
      hosts: [127.0.0.1]

    - name: "Block 2 - Other hosts can only read certain indices"
      actions: ["indices:data/read/*"]
      indices: ["logstash-*"] # aliases are taken in account!
Of course the indices are changed to what I have in ES.
If I visit my Kibana dashboard through the metrics.myproject.com, it is not read only. I can still edit/save visualizations and dashboards.
My guess is that this is due to the fact that Kibana itself runs on localhost:5601, so all requests going to Elastic are coming from localhost which is allowed all access.
What do I need to change in my setup to:
1. make Kibana through metrics.myproject.com read only?
2. enter the server/dashboard through ssh and localhost:5601, and keep its full access?
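
The guess in the question can be checked with a small model of ordered, first-match block evaluation. This is an added example, not part of the original post and not ReadonlyREST's own code; the function names, the browser address 203.0.113.7 and the sample requests are constructed for illustration.

```python
from fnmatch import fnmatchcase

# The two blocks from the question, as Python data (simplified model).
ACL = [
    {"name": "Block 1 - Allowing anything from localhost",
     "hosts": ["127.0.0.1"]},
    {"name": "Block 2 - Other hosts can only read certain indices",
     "actions": ["indices:data/read/*"],
     "indices": ["logstash-*"]},
]


def block_matches(block, req):
    """A block matches only if every rule it declares matches the request."""
    if "hosts" in block and req["src"] not in block["hosts"]:
        return False
    if "actions" in block and not any(
            fnmatchcase(req["action"], p) for p in block["actions"]):
        return False
    if "indices" in block and not any(
            fnmatchcase(req["index"], p) for p in block["indices"]):
        return False
    return True


def evaluate(acl, req):
    """Try blocks top to bottom; the first match allows the request.
    Returns the matching block name, or None when the request is forbidden."""
    for block in acl:
        if block_matches(block, req):
            return block["name"]
    return None


def es_request_via_kibana(browser_ip, action, index):
    """Browser -> nginx -> Kibana -> Elasticsearch.
    Kibana opens its own connection to localhost:9200, so Elasticsearch
    sees 127.0.0.1 as the source whatever browser_ip was (assumed setup)."""
    return {"src": "127.0.0.1", "action": action, "index": index}


if __name__ == "__main__":
    # Constructed sample: a remote user saves a dashboard through the proxy.
    save = es_request_via_kibana("203.0.113.7", "indices:data/write/index", ".kibana")
    print("via Kibana:", evaluate(ACL, save))
    # The same write sent straight to Elasticsearch from the remote address.
    direct = {"src": "203.0.113.7", "action": "indices:data/write/index", "index": ".kibana"}
    print("direct:", evaluate(ACL, direct))
```

In this model the write that arrives through Kibana is allowed by Block 1, while the same write sent directly from the remote address matches no block and is forbidden.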