All geek questions in one place

Failed proxy to transfer AWS Kibana to nginx

I use AWS kibana to search and view the logs that Logstash indexed. Right now I am using the default URL from AWS and is limited only by my IP address. I need to proxy it through nginx, I tried to follow this document: https://sysadmins.co.za/aws-access-kibana-5-behind-elb-via-nginx-reverse-proxy-on-custom-dns/

But the kibana does not load. I get the following error:

Kibana: Not Found Error: Not Found at respond (http://IP/index.js?_b=7562:85344:15) at checkRespForFailure (http://IP/index.js?_b=7562:85312:7) at http://IP/index.js?_b=7562:83950:7 at wrappedErrback (http://IP/index.js?_b=7562:20902:78) at wrappedErrback (http://IP/index.js?_b=7562:20902:78) at wrappedErrback (http://IP/index.js?_b=7562:20902:78) at http://IP/index.js?_b=7562:21035:76 at Scope.$eval (http://IP/index.js?_b=7562:22022:28) at Scope.$digest (http://IP/index.js?_b=7562:21834:31) at Scope.$apply (http://IP/index.js?_b=7562:22126:24)

Adding Nignx conf:

  server { listen 80 default_server; listen [::]:80 default_server ipv6only=on; server_name kibana.mydomain.com; # for elb health checks location /status { root /usr/share/nginx/html/ ; } location / { proxy_set_header Host search-aws-es.eu-west-1.es.amazonaws.com; proxy_set_header X-Real-IP <public-ip-for-instance>; proxy_http_version 1.1; proxy_set_header Connection "Keep-Alive"; proxy_set_header Proxy-Connection "Keep-Alive"; proxy_set_header Authorization ""; proxy_pass https://search-aws-es.eu-west-1.es.amazonaws.com/_plugin/kibana/; proxy_redirect https://search-aws-es.eu-west-1.es.amazonaws.com/_plugin/kibana/ http://<public-ip-for-instance>/kibana/; } location ~ (/app/kibana|/app/timelion|/bundles|/es_admin|/plugins|/api|/ui|/elasticsearch) { proxy_pass http://search-aws-es.eu-west-1.es.amazonaws.com; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Host $http_host; } } }
+5
source share
1 answer

This does not answer your question directly, but may solve your problem:

As a service you can use a proxy server:

https://www.iamproxy.com/

To use it, you create an AWS user and authorize him for elasticsearch as follows:

 { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "AWS": [ "arn:aws:iam::12345678:user/es-user" ] }, "Action": "es:*", "Resource": "arn:aws:es:eu-central-1:557594345551:domain/your_es_domain/*" } ] }

Then you create an account on this page and enter the IAM user credentials.

The downside is that you have to trust a random website with read access to elasticsearch. But this avoids problems with the proxy server.

Full disclosure: I am the creator of iamproxy.com.

0
source

Source: https://habr.com/ru/post/1271843/

More articles:


All Articles