Nasrul Hazim Bin MohamadRecent works let introduce me some challenges in putting Kibana Dashboard into applications, in secured manner. Hence writing up a quick post for setting it up securely.
Elasticsearch
Enable X-pack Security
xpack.security.enabled: true
Create credentials for internal communication of Elastic stack:
/usr/share/elasticsearch/bin/elasticsearch-setup-password auto
Random passwords will be created for you:
Changed password for user apm_system
PASSWORD apm_system = some-random-password
Changed password for user kibana_system
PASSWORD kibana_system = some-random-password
Changed password for user kibana
PASSWORD kibana = some-random-password
Changed password for user logstash_system
PASSWORD logstash_system = some-random-password
Changed password for user beats_system
PASSWORD beats_system = some-random-password
Changed password for user remote_monitoring_user
PASSWORD remote_monitoring_user = some-random-password
Changed password for user elastic
PASSWORD elastic = some-random-password
Kibana
Configure your kibana.yml:
elasticsearch.username: "kibana"
elasticsearch.password: "<password-generated>"
Create encryption keys for your Kibana:
/usr/share/kibana/bin/kibana-encryption-keys generate
Then update your kibana.yml using the keys given in previous step:
xpack.encryptedSavedObjects.encryptionKey: some-random-key
xpack.reporting.encryptionKey: some-random-key
xpack.security.encryptionKey: some-random-key
xpack.reporting.capture.browser.chromium.disableSandbox: true
Then start your Kibana.
Now, you will prompt to enter username and password - use the elastic user in above steps.
Once you are logged in, go to Stack Management.
Create a new role named as embed_dashboard. Then:
- Give privileges to indices you want to expose to public.
- Create a kibana privilege as well, by Add a new one. Choose targeted space - i used Default. Then in feature privilege, grant access to read only for Dashboard and Visualise Library.
Now save.
Once you are done, go create a new user, assign the role as embed_dashboard role.
Then, back to kibana.yml, append the config as following:
xpack.security.authc.providers:
anonymous.anonymous1:
order: 0
session:
idleTimeout: 1Y
credentials:
username: "anon"
password: "SomeStrongPasswordIGuess"
basic.basic1:
order: 1
Then restart your Kibana.
By now, you should be able to have a Public URL for your dashboard and be able to embed the dashboard in any of your applications.
Photo by Chris Liverani on Unsplash
