I would like to configure reverse proxy for kibana,
and I have installed readonlyrest pro with it.
without ror pro, the proxy goes well.
but when i install ror, it will redirect to /login?nexturl=kiabna…
and return 500 internal server error.
I would like to ask if how should I configure the nginx to make the whole things working… Thanks so much.
Hi @sscarduzio, I’ve installed the new enterprise version. Do you have an example or new documentation on how to disable the Kibana login screen, so we can delegate everything to reverse proxy.
@sscarduzio I’ve been doing some testing with the new enterprise version. Using your suggested config, I’m seeing this:
ValidationError: child “readonlyrest_kbn” fails because [child “custom_logout_link” fails because [“custom_logout_link” must only contain alpha-numeric characters]]
I’m running…
elasticsearch-5.5.3
kibana-5.5.3-darwin-x86_64
readonlyrest-1.16.12_es5.5.3.zip
readonlyrest_kbn_enterprise-1.16.12_es5.5.3.zip
Commenting out the readonlyrest_kbn.custom_logout_link will start Kibana.
Thanks for the update. Moving on with my testing, I was trying to setup basic static users to group mapping w/ reverse proxy. I’m setting the X-Forwarded-User header, and the login is being bypassed as expected! Thanks for that!
However, I’m seeing groups I’m not suppose to see.
For example, when admin logs in, I’m seeing simone’s group that admin doesn’t belong too (InfoSec).
Is this a configuration issue, or a bug?
Sorry,
I do not want to create another topic and think that here is the most suitable place for my newbie question)
Want/trying to use Okta SAML SSO with ROR and for this I’m using okta-auth-proxy with Nginx (with similar example provided in repo) and Kibana on single instance.
So the main question is it correct ROR config/rule to allow access for any user which goes from proxy side?