This content originally appeared on DEV Community and was authored by Nasrul Hazim Bin Mohamad
Recent works let introduce me some challenges in putting Kibana Dashboard into applications, in secured manner. Hence writing up a quick post for setting it up securely.
Elasticsearch
Enable X-pack Security
xpack.security.enabled: true
Create credentials for internal communication of Elastic stack:
/usr/share/elasticsearch/bin/elasticsearch-setup-password auto
Random passwords will be created for you:
Changed password for user apm_system
PASSWORD apm_system = some-random-password
Changed password for user kibana_system
PASSWORD kibana_system = some-random-password
Changed password for user kibana
PASSWORD kibana = some-random-password
Changed password for user logstash_system
PASSWORD logstash_system = some-random-password
Changed password for user beats_system
PASSWORD beats_system = some-random-password
Changed password for user remote_monitoring_user
PASSWORD remote_monitoring_user = some-random-password
Changed password for user elastic
PASSWORD elastic = some-random-password
Kibana
Configure your kibana.yml
:
elasticsearch.username: "kibana"
elasticsearch.password: "<password-generated>"
Create encryption keys for your Kibana:
/usr/share/kibana/bin/kibana-encryption-keys generate
Then update your kibana.yml
using the keys given in previous step:
xpack.encryptedSavedObjects.encryptionKey: some-random-key
xpack.reporting.encryptionKey: some-random-key
xpack.security.encryptionKey: some-random-key
xpack.reporting.capture.browser.chromium.disableSandbox: true
Then start your Kibana.
Now, you will prompt to enter username and password - use the elastic
user in above steps.
Once you are logged in, go to Stack Management.
Create a new role named as embed_dashboard
. Then:
- Give privileges to indices you want to expose to public.
- Create a kibana privilege as well, by Add a new one. Choose targeted space - i used Default. Then in feature privilege, grant access to read only for Dashboard and Visualise Library.
Now save.
Once you are done, go create a new user, assign the role as embed_dashboard
role.
Then, back to kibana.yml
, append the config as following:
xpack.security.authc.providers:
anonymous.anonymous1:
order: 0
session:
idleTimeout: 1Y
credentials:
username: "anon"
password: "SomeStrongPasswordIGuess"
basic.basic1:
order: 1
Then restart your Kibana.
By now, you should be able to have a Public URL for your dashboard and be able to embed the dashboard in any of your applications.
Photo by Chris Liverani on Unsplash
This content originally appeared on DEV Community and was authored by Nasrul Hazim Bin Mohamad
Nasrul Hazim Bin Mohamad | Sciencx (2021-11-10T08:48:29+00:00) Setting up Anonymous User to Embed Kibana Dashboard to Your Application. Retrieved from https://www.scien.cx/2021/11/10/setting-up-anonymous-user-to-embed-kibana-dashboard-to-your-application/
Please log in to upload a file.
There are no updates yet.
Click the Upload button above to add an update.