If you don’t have the money to afford x-pack, but you want to secure your Kibana at least with basic authentication using nginx, the following entries in default.conf. The target is a kibana instance within the same Docker swarm network.
location /app/kibana {
auth_basic "Restricted Content"; auth_basic_user_file "/etc/nginx/.htpasswd"; proxy_pass kibana:5601/app/kibana;
}
location /app/timelion {
auth_basic "Restricted Content"; auth_basic_user_file "/etc/nginx/.htpasswd"; proxy_pass kibana:5601/app/timelion;
}
location /bundles {
auth_basic "Restricted Content"; auth_basic_user_file "/etc/nginx/.htpasswd"; proxy_pass kibana:5601/bundles;
}
location /ui {
auth_basic "Restricted Content"; auth_basic_user_file "/etc/nginx/.htpasswd"; proxy_pass kibana:5601/ui;
}
location /plugins {
auth_basic "Restricted Content"; auth_basic_user_file "/etc/nginx/.htpasswd"; proxy_pass kibana:5601/plugins;
}
location /api/console {
auth_basic "Restricted Content"; auth_basic_user_file "/etc/nginx/.htpasswd"; proxy_pass kibana:5601/api/console;
}
location /api/status {
auth_basic "Restricted Content"; auth_basic_user_file "/etc/nginx/.htpasswd"; proxy_pass kibana:5601/api/status;
}
location /status {
auth_basic "Restricted Content"; auth_basic_user_file "/etc/nginx/.htpasswd"; proxy_pass kibana:5601/status;
}
location ~* /api/(.*)$ {
auth_basic "Restricted Content"; auth_basic_user_file "/etc/nginx/.htpasswd"; proxy_pass kibana:5601/api/$1$is_args$args;
}
location ~* /elasticsearch/(.*)$ {
auth_basic "Restricted Content"; auth_basic_user_file "/etc/nginx/.htpasswd"; proxy_pass kibana:5601/elasticsearch/$1$is_args$args;
}