How to configure Nginx Proxy Pass For Kibana Dashboard - nginx

We are working on integrating a Kibana dashboard into our front-end applications. Instead of directly using the Kibana dashboard URL, we want to route via nginx.
E.g. Kibana URL: https://demo.elastic.co/app/dashboards#/view/kubernetes-b945b7b0-bcb1-11ec-b64f-7dd6e8e82013
We want to access this from the URL below: https://example.com/kibana/<id>
We tried the nginx configuration below, but it's not working.
location /kibana/ {
    rewrite ^/kibana/(.*) /$1 break;
    proxy_pass https://demo.elastic.co/app/dashboards#/view/kubernetes-b945b7b0-bcb1-11ec-b64f-7dd6e8e82013/;
    proxy_buffering off;
    proxy_connect_timeout 600s;
    proxy_read_timeout 600s;
    proxy_send_timeout 600s;
}

Try removing rewrite directive and adding proxy_pass_header Host demo.elastic.co;

Related

Jenkins - NGINX reverse proxy broken

I just moved our jenkins to a new machine behind a reverse proxy, before it was straight on the intranet. And I've started seeing the error "It appears that your reverse proxy setup is broken."
So I copied the recommended nginx config straight, modifying slightly for our needs but the warning remains, leaving me slightly confused and posting here.
upstream jenkins {
    keepalive 32; # keepalive connections
    server 127.0.0.1:8080; # jenkins ip and port
}
server {
    listen 80; # Listen on port 80 for IPv4 requests
    server_name jenkins.domain.tld;
    #this is the jenkins web root directory (mentioned in the /etc/default/jenkins file)
    root /usr/share/jenkins;
    access_log /var/log/nginx/jenkins/access.log;
    error_log /var/log/nginx/jenkins/error.log;
    ignore_invalid_headers off; #pass through headers from Jenkins which are considered invalid by Nginx server.
    location ~ "^/static/[0-9a-fA-F]{8}\/(.*)$" {
        #rewrite all static files into requests to the root
        #E.g /static/12345678/css/something.css will become /css/something.css
        rewrite "^/static/[0-9a-fA-F]{8}\/(.*)" /$1 last;
    }
    location /userContent {
        #have nginx handle all the static requests to the userContent folder files
        #note : This is the $JENKINS_HOME dir
        root /var/lib/jenkins/;
        if (!-f $request_filename){
            #this file does not exist, might be a directory or a /**view** url
            rewrite (.*) /$1 last;
            break;
        }
        sendfile on;
    }
    location @jenkins {
        sendfile off;
        proxy_pass http://jenkins;
        proxy_redirect default;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_max_temp_file_size 0;
        #this is the maximum upload size
        client_max_body_size 10m;
        client_body_buffer_size 128k;
        proxy_connect_timeout 90;
        proxy_send_timeout 90;
        proxy_read_timeout 90;
        proxy_request_buffering off; # Required for HTTP CLI commands in Jenkins > 2.54
        proxy_set_header Connection ""; # Clear for keepalive
    }
    location / {
        # Optional configuration to detect and redirect iPhones
        if ($http_user_agent ~* '(iPhone|iPod)') {
            rewrite ^/$ /view/iphone/ redirect;
        }
        try_files $uri @jenkins;
    }
}
So it's reached at jenkins.domain.tld and I'm out of ideas on how to troubleshoot this. The requests log properly, nothing in the error log, jenkins seems to work in other ways... but the proxy test gives a 404?
$: curl -iL -e http://jenkins.domain.tld/jenkins/manage http://jenkins.domain.tld/jenkins/administrativeMonitor/hudson.diagnosis.ReverseProxySetupMonitor/test
HTTP/1.1 404 Not Found
Server: nginx/1.10.3 (Ubuntu)
Date: Mon, 26 Mar 2018 06:50:30 GMT
Content-Type: text/html;charset=iso-8859-1
Content-Length: 391
Connection: keep-alive
X-Content-Type-Options: nosniff
Cache-Control: must-revalidate,no-cache,no-store
<html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>
<title>Error 404 Not Found</title>
</head>
<body><h2>HTTP ERROR 404</h2>
<p>Problem accessing /jenkins/administrativeMonitor/hudson.diagnosis.ReverseProxySetupMonitor/test. Reason:
<pre> Not Found</pre></p><hr>Powered by Jetty:// 9.4.z-SNAPSHOT<hr/>
</body>
</html>
Jenkins URL in system config is also set to jenkins.domain.tld.

nginx serve static files and run server on same host

Almost have this working how I want - basically I'm trying to serve static files on host/static (including directory listings), and serve to another backend for any non-file request (including the default site). The config below seems to do this, but the ONE problem remaining is that I can't get to the root static dir with host/static - a trailing slash is required! Any ideas?
My config:
location / {
    try_files /static/$uri /static/$uri/ @myserver;
}
location /static/ {
    alias /var/www/static_files/;
    autoindex on;
    disable_symlinks off;
}
location @myserver {
    proxy_pass http://localhost:8081;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_connect_timeout 150;
    proxy_send_timeout 100;
    proxy_read_timeout 100;
    proxy_buffers 4 32k;
    client_max_body_size 8m;
    client_body_buffer_size 128k;
}
As @RichardSmith said - to get this behavior, just remove the trailing slash from the location and alias statements.

nginx reverse proxy folder 403 error

I am running nginx as reverse proxy directly installed on the server. To access different webapps I am using sub folders. Two webapps are running in docker containers (pydio and cops).
For pydio these location commands are working; the same ones for cops are not working.
location ^~ /pydio {
    client_max_body_size 20G;
    proxy_connect_timeout 300;
    proxy_send_timeout 300;
    proxy_read_timeout 300;
    send_timeout 300;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_pass http://127.0.0.1:82;
    proxy_redirect off;
}
I tried different settings found by searching - none worked.
This is the latest version which results in a 403 error:
location ^~ /ebooks(.*)$ {
    client_max_body_size 1G;
    proxy_connect_timeout 300;
    proxy_send_timeout 300;
    proxy_read_timeout 300;
    send_timeout 300;
    rewrite ^/ebooks(/.*)$ $1 break;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header Host $host;
    proxy_pass http://192.168.100.67:83$1/;
    proxy_redirect off;
    autoindex on;
}
And this entry in my error.log:
[error] 29235#29235: *1 directory index of "/var/www/ebooks/" is forbidden, client: 87.174.111.111, server: myadress.de, request: "GET /ebooks/ HTTP/1.1", host: "myadress.de"
When I hit 192.168.100.67:83 directly in my browser everything is working fine.
The folder /var/www/ebooks has www-data:www-data and 750 rights and it is linked with the container by the running command:
docker run ... -v /var/www/ebooks:/config ... according to this https://hub.docker.com/r/lsioarmhf/cops/
Hope I made my problem clear and you will help me. Thanks
Good and bad news.
After testing a little more I found a setting passing the command to docker correctly.
location ^~ /ebooks {
    proxy_connect_timeout 300;
    proxy_send_timeout 300;
    proxy_read_timeout 300;
    send_timeout 300;
    rewrite ^/ebooks(/.*)$ $1 break;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $host;
    proxy_pass http://127.0.0.1:83$1;
    proxy_redirect off;
}
But cops page is only displayed in a basic way (background color changes but matrix not shown)
This is error log entry:
an upstream response is buffered to a temporary file /var/lib/nginx/proxy/1/00/0000000001 while reading upstream, client: 11.114.211.38, server: myadress.de, request:: "GET /ebooks/resources/jQuery/jquery-1.11.1..js?v=1.0.1 HTTP/1.1", upstream: "http://127.0.0.1:83/resources/jQuery/jquery-1.11.1.min.js", host: "myadress.de", referrer: "https://myadress/ebooks/"
To give you a complete picture. This is nginx config of cops container.
server {
    listen 80 default_server;
    # listen 443 ssl;
    server_name _;
    # ssl_certificate /config/keys/cert.crt;
    # ssl_certificate_key /config/keys/cert.key;
    access_log /config/log/nginx/access_cops.log;
    error_log /config/log/nginx/error_cops.log;
    root /var/www/localhost/cops;
    index index.php;
    #Useful only for Kobo reader
    location /cops/ {
        rewrite ^/download/(\d+)/(\d+)/.*\.(.*)$ /fetch.php?data=$1&db=$2&type=$3 last;
        rewrite ^/download/(\d+)/.*\.(.*)$ /fetch.php?data=$1&type=$2 last;
        break;
    }
    #Can break loading the images - if you don't see anything, comment
    location ~ ^/images.*\.(gif|png|ico|jpg)$ {
        expires 31d;
    }
    #Can also break loading the images, comment if it happens
    location ~ .(js|css|eot|svg|woff|ttf)$ {
        expires 31d;
    }
    #Not necessarily correct, it depends on distro.
    location ~ \.php$ {
        include /etc/nginx/fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass 127.0.0.1:9000;
    }
    location /books {
        root /;
        internal;
    }
}
Any ideas if I am missing something?

Kibana 4, Logstash dashboard: how do I require Nginx authentication when saving but allow anonymous views?

I would like to require auth_basic nginx authentication to save all kibana 4 dashboards but allow anyone to view dashboards without authentication.
I recently installed an ELK (Elasticsearch 1.4.5, Logstash 1:1.5.2-1, and Kibana 4.1.1) stack on Ubuntu 14.04 using a DigitalOcean tutorial.
Because kibana uses browser-based javascript to send queries to elasticsearch, I'm not sure how to figure out what to secure.
DigitalOcean provides an nginx config to fully secure access to kibana 4.
FILE:/etc/nginx/sites-available/default
server {
    listen 80;
    return 301 https://logstash.nyc.3top.com;
}
server {
    listen 443;
    ssl on;
    ssl_certificate /etc/nginx/ssl/server.crt;
    ssl_certificate_key /etc/nginx/ssl/server.key;
    server_name logstash.example.com;
    access_log /var/log/nginx/kibana.access.log;
    auth_basic "Restricted Access";
    auth_basic_user_file /etc/nginx/htpasswd.users;
    location / {
        proxy_pass http://localhost:5601;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}
Elastic provided an nginx sample config to accomplish this for Kibana 3 but not Kibana 4:
server {
    listen *:80 ;
    server_name kibana.myhost.org;
    access_log /var/log/nginx/kibana.myhost.org.access.log;
    location / {
        root /usr/share/kibana3;
        index index.html index.htm;
    }
    location ~ ^/_aliases$ {
        proxy_pass http://127.0.0.1:9200;
        proxy_read_timeout 90;
    }
    location ~ ^/.*/_aliases$ {
        proxy_pass http://127.0.0.1:9200;
        proxy_read_timeout 90;
    }
    location ~ ^/_nodes$ {
        proxy_pass http://127.0.0.1:9200;
        proxy_read_timeout 90;
    }
    location ~ ^/.*/_search$ {
        proxy_pass http://127.0.0.1:9200;
        proxy_read_timeout 90;
    }
    location ~ ^/.*/_mapping {
        proxy_pass http://127.0.0.1:9200;
        proxy_read_timeout 90;
    }
    # Password protected end points
    location ~ ^/kibana-int/dashboard/.*$ {
        proxy_pass http://127.0.0.1:9200;
        proxy_read_timeout 90;
        limit_except GET {
            proxy_pass http://127.0.0.1:9200;
            auth_basic "Restricted";
            auth_basic_user_file /etc/nginx/conf.d/kibana.myhost.org.htpasswd;
        }
    }
    location ~ ^/kibana-int/temp.*$ {
        proxy_pass http://127.0.0.1:9200;
        proxy_read_timeout 90;
        limit_except GET {
            proxy_pass http://127.0.0.1:9200;
            auth_basic "Restricted";
            auth_basic_user_file /etc/nginx/conf.d/kibana.myhost.org.htpasswd;
        }
    }
}
Does anyone know how to do this for Kibana 4?
Here are my config files for elasticsearch and kibana:
/etc/elasticsearch/elasticsearch.yml
network.host: localhost
/opt/kibana/config/kibana.yml
port: 5601
host: "localhost"
elasticsearch_url: "http://localhost:9200"
elasticsearch_preserve_host: true
kibana_index: ".kibana"
default_app_id: "discover"
request_timeout: 300000
shard_timeout: 0
verify_ssl: true
bundled_plugin_ids:
- plugins/dashboard/index
- plugins/discover/index
- plugins/doc/index
- plugins/kibana/index
- plugins/markdown_vis/index
- plugins/metric_vis/index
- plugins/settings/index
- plugins/table_vis/index
- plugins/vis_types/index
- plugins/visualize/index
You might need to leverage nginx's conditional capabilities to achieve this. This gist might be a good starting point. Let me know if this works for you.

nginx rewrite not working

I'm trying to set up a simple nginx server to act as a proxy between my front end ui and my back end api. The setup is fairly simple. The UI makes all api requests to /api/endpoint and the proxy server passes the request to the api. The proxy also needs to rewrite the request so that instead of going to http://api.location.net/api/endpoint, it goes to http://api.location.net/endpoint. The UI resides on http://api.location.net. This part isn't working (I get a 500 error) and I'm pretty sure it has to do with how I'm writing my rewrite rule. Here's my nginx config.
daemon off;
error_log off;
worker_processes 2;
worker_rlimit_nofile 100000;
events {
    worker_connections 50000;
    accept_mutex off;
}
http {
    include /etc/nginx/mime.types;
    access_log off;
    sendfile on;
    server {
        listen 80 default_server;
        server_name localhost _;
        location / {
            alias /srv/site/;
        }
        location /api/ {
            rewrite ^/api ""; # I think this is the problem
            proxy_pass http://api.location.net;
            proxy_pass_request_headers on;
            proxy_pass_header X-ResponseData;
            proxy_redirect off;
        }
    }
}
Any help would be greatly appreciated, nginx is still fairly new for me and the documentation on nginx rewrite doesn't seem to have what I need.
If I understood you right, this should help
location /api/ {
    proxy_pass http://api.location.net/;
    proxy_pass_request_headers on;
    proxy_pass_header X-ResponseData;
    proxy_redirect off;
}
Note the URI part at proxy_pass directive
If the proxy_pass directive is specified with a URI, then when a
request is passed to the server, the part of a normalized request URI
matching the location is replaced by a URI specified in the directive:
http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_pass
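
The replacement rule quoted above, modelled as an added example (not code from any of the posts or from nginx) so the URL an upstream receives can be checked for a given location prefix and proxy_pass value. The function names, the sample requests and the dashboard id `abc` are constructed for illustration; URI normalization, rewrite directives and variables in proxy_pass are not modelled.

```python
from urllib.parse import urlsplit

def upstream_uri(location_prefix, proxy_pass, request_url):
    """URL the upstream receives for a request matched by a prefix location.

    Models only the documented replacement rule for prefix locations.
    """
    req = urlsplit(request_url)      # the #fragment never leaves the browser
    path = req.path or "/"
    if not path.startswith(location_prefix):
        raise ValueError(f"{path} is not matched by location {location_prefix}")
    target = urlsplit(proxy_pass)
    if target.path:                  # proxy_pass has a URI part (a bare "/" counts)
        path = target.path + path[len(location_prefix):]
    query = f"?{req.query}" if req.query else ""
    return f"{target.scheme}://{target.netloc}{path}{query}"

def slash_mismatch(location_prefix, proxy_pass):
    """True when the prefix and the proxy_pass URI disagree on the trailing
    slash, which sends '//endpoint' or glued path segments to the upstream."""
    uri = urlsplit(proxy_pass).path
    return bool(uri) and location_prefix.endswith("/") != uri.endswith("/")

# Constructed sample requests; host names are the ones used in the questions.
CASES = [
    ("/api/", "http://api.location.net", "http://localhost/api/endpoint?x=1"),
    ("/api/", "http://api.location.net/", "http://localhost/api/endpoint?x=1"),
    ("/api", "http://api.location.net/", "http://localhost/api/endpoint"),
    ("/api", "http://api.location.net/", "http://localhost/apiary"),
    ("/api/", "http://api.location.net/v1", "http://localhost/api/endpoint"),
    ("/kibana/", "https://demo.elastic.co/",
     "https://example.com/kibana/app/dashboards#/view/abc"),
]

if __name__ == "__main__":
    for prefix, target, url in CASES:
        flag = "  <- slash mismatch" if slash_mismatch(prefix, target) else ""
        print(f"location {prefix:9} proxy_pass {target:28} {url}\n"
              f"    -> {upstream_uri(prefix, target, url)}{flag}")
```

The `/apiary` case shows why a prefix without a trailing slash deserves review: it also matches sibling paths, and the upstream then receives a path the front end never intended to expose.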
