Problem with session management

Zenisek · June 17, 2020, 11:13am

Hello,

I have a problem with the configuration of session management. I have two elasticsearch cluster with RO REST plugins (elasticsearch plugin and kibana enterprise plugin) deva-eltrack and sys-eltrack. I would like to set urls for kibanas of each cluster like this192.168.234.46/sys-eltrack, 192.168.234.46/deva-eltrack. SYS and DEVA are environments and eltrack is the name of the cluster. Before kibanas I have nginx proxy. I tried to configure kibana.yml by the documentation. But without success.

I tried to log in to deva-eltrack show list of indices, for example, and then I switched to sys-eltrack. After this step deva-eltrack was logged out a sys-eltrack was rewritten to deva-eltrack. In the index for the sessions are saved information about sessions, but still doesn’t work
Can you help me with the configuration, please? I would like to be logged in on both kibanas and switch between them without a problem. I don’t know if this is a problem of RO REST settings or proxy settings.

Best regards

Ivan Zenisek

kibana.yml

server.port: 5601
server.host: "0"
server.name: kibana1
server.basePath: "/sys-eltrack"
elasticsearch.url: "http://192.168.234.46:9200"

elasticsearch.username: "kibana"
elasticsearch.password: "xxx"

xpack.security.enabled: false

#READONLYREST plugin
readonlyrest_kbn.cookiePass: "fjlj4oraf1a2dsfasf4dfas64ff721vasdfafdfasd" //different for each kibana
readonlyrest_kbn.store_sessions_in_index: true
readonlyrest_kbn.whitelistedPaths: [".*/api/status$"]
readonlyrest_kbn.clearSessionOnEvents: ["never"]

nginx.conf

user  nginx;
worker_processes auto;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;

events {
    worker_connections  1024;
}

http {    
    upstream sys {
        server 192.168.234.46:5601;    
    }
    upstream deva {
        server 192.168.234.46:5602;
    }
    server {
        listen 80;

        location /sys-eltrack/{
            proxy_pass http://sys/;
            rewrite ^/sys-eltrack/(.*)$ /$1 break;
            proxy_set_header  X-Real-IP  $remote_addr;
            proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header  Host $http_host;
        }

        location /deva-eltrack/ {
            proxy_pass http://deva/;
            rewrite ^/deva-eltrack/(.*)$ /$1 break;
            proxy_set_header  X-Real-IP  $remote_addr;
            proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header  Host $http_host;
        }
    }
}

sscarduzio · June 17, 2020, 3:30pm

I think this could be resolved easily setting a custom cookie name for one (or both) the instances.
For example

readonlyrest_kbn.cookieName: "rorCookie_deva"

and

readonlyrest_kbn.cookieName: "rorCookie_sys"

Zenisek · June 18, 2020, 12:52pm

Hello Simone,

thank you. It works!