elasticsearch & nginx: basic authorithation different users right for one site
Issue:
I need to configure Elasticsearch/Kibana basic authorization with basic license. But I need to do this:
For user kibana
I want to grant access to all http methods (GET, POST, DELETE
), however for user logger
(which will post log/metric events) I want to grant only POST
method.
I know, it is possible to configure it like that:
server {
listen 80;
server_name logger.domain.com;
location / {
proxy_pass http://localhost:9200;
proxy_redirect off;
auth_basic "secured site tools";
auth_basic_user_file /var/www/example/.htpasswd_logger;
add_header Allow "POST" always;
if ( $request_method !~ ^(POST)$ ) {
return 405;
}
}
}
server {
listen 80;
server_name kibana.domain.com;
location / {
proxy_pass http://localhost:9200;
proxy_redirect off;
auth_basic "secured site tools";
auth_basic_user_file /var/www/example/.htpasswd_kibana;
}
}
BUT I want to have a single entry point elastic.domain.com
with differently configured method rules for different users. Is it possible?
Or can anyone suggest different FREE tool with X-Pack security functionality?
elasticsearch nginx basic-authentication
add a comment |
Issue:
I need to configure Elasticsearch/Kibana basic authorization with basic license. But I need to do this:
For user kibana
I want to grant access to all http methods (GET, POST, DELETE
), however for user logger
(which will post log/metric events) I want to grant only POST
method.
I know, it is possible to configure it like that:
server {
listen 80;
server_name logger.domain.com;
location / {
proxy_pass http://localhost:9200;
proxy_redirect off;
auth_basic "secured site tools";
auth_basic_user_file /var/www/example/.htpasswd_logger;
add_header Allow "POST" always;
if ( $request_method !~ ^(POST)$ ) {
return 405;
}
}
}
server {
listen 80;
server_name kibana.domain.com;
location / {
proxy_pass http://localhost:9200;
proxy_redirect off;
auth_basic "secured site tools";
auth_basic_user_file /var/www/example/.htpasswd_kibana;
}
}
BUT I want to have a single entry point elastic.domain.com
with differently configured method rules for different users. Is it possible?
Or can anyone suggest different FREE tool with X-Pack security functionality?
elasticsearch nginx basic-authentication
add a comment |
Issue:
I need to configure Elasticsearch/Kibana basic authorization with basic license. But I need to do this:
For user kibana
I want to grant access to all http methods (GET, POST, DELETE
), however for user logger
(which will post log/metric events) I want to grant only POST
method.
I know, it is possible to configure it like that:
server {
listen 80;
server_name logger.domain.com;
location / {
proxy_pass http://localhost:9200;
proxy_redirect off;
auth_basic "secured site tools";
auth_basic_user_file /var/www/example/.htpasswd_logger;
add_header Allow "POST" always;
if ( $request_method !~ ^(POST)$ ) {
return 405;
}
}
}
server {
listen 80;
server_name kibana.domain.com;
location / {
proxy_pass http://localhost:9200;
proxy_redirect off;
auth_basic "secured site tools";
auth_basic_user_file /var/www/example/.htpasswd_kibana;
}
}
BUT I want to have a single entry point elastic.domain.com
with differently configured method rules for different users. Is it possible?
Or can anyone suggest different FREE tool with X-Pack security functionality?
elasticsearch nginx basic-authentication
Issue:
I need to configure Elasticsearch/Kibana basic authorization with basic license. But I need to do this:
For user kibana
I want to grant access to all http methods (GET, POST, DELETE
), however for user logger
(which will post log/metric events) I want to grant only POST
method.
I know, it is possible to configure it like that:
server {
listen 80;
server_name logger.domain.com;
location / {
proxy_pass http://localhost:9200;
proxy_redirect off;
auth_basic "secured site tools";
auth_basic_user_file /var/www/example/.htpasswd_logger;
add_header Allow "POST" always;
if ( $request_method !~ ^(POST)$ ) {
return 405;
}
}
}
server {
listen 80;
server_name kibana.domain.com;
location / {
proxy_pass http://localhost:9200;
proxy_redirect off;
auth_basic "secured site tools";
auth_basic_user_file /var/www/example/.htpasswd_kibana;
}
}
BUT I want to have a single entry point elastic.domain.com
with differently configured method rules for different users. Is it possible?
Or can anyone suggest different FREE tool with X-Pack security functionality?
elasticsearch nginx basic-authentication
elasticsearch nginx basic-authentication
edited Nov 11 at 10:46
Pavel Voronin
7,31353985
7,31353985
asked Nov 11 at 10:05
Sergey Shulik
678824
678824
add a comment |
add a comment |
active
oldest
votes
Your Answer
StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53247629%2felasticsearch-nginx-basic-authorithation-different-users-right-for-one-site%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
active
oldest
votes
active
oldest
votes
active
oldest
votes
active
oldest
votes
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53247629%2felasticsearch-nginx-basic-authorithation-different-users-right-for-one-site%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown