Protecting Kibana with Apache (Basic Authentication)
Tip submitted by @raiden0610
mod_proxy activation
a2enmod proxy
a2enmod proxy_http
a2enmod headers
service apache2 restart
Vitualhost configuration
Find where your virtualhost 443 or 80 config is, depending on your distros.
For example in Ubuntu 16.04: the config is on the file 000-default-le-ssl.conf in /etc/apache2/sites-availables directory.
If you don’t want SSL, here is the file 000-default.conf
Edit the file and in the virtualhost 443 or 80 section paste this :
# Proxying kibana listenning on the port 5601
ProxyPreserveHost On
ProxyRequests On
ProxyPass / http://localhost:5601/
ProxyPassReverse / http://localhost:5601/
# Protecting with basic authentication
<Location />
AuthType Basic
AuthName "Restricted Content"
AuthUserFile /etc/apache2/.htpasswd
Require valid-user
</Location>
Reload apache config :
service apache2 reload
Generation of username / password
htpasswd /etc/apache2/.htpasswd your_user
Activating SSL
Follow the tutorial (you can select the ditros) : Let’s encrypt - Certbot
Certbot will take care of the SSL configuration in Apache automatically for you
Warning:
Don't forget to close the port 5601 in your firewall ! because if you don't kibana will still be accessible without basic authentication on the port 5601
And voila you can now access kibana in a secure way at https://mydomain.com or http://mydomain.com