elasticsearch & nginx: basic authorithation different users right for one site
up vote
1
down vote
favorite
Issue:
I need to configure Elasticsearch/Kibana basic authorization with basic license. But I need to do this:
For user kibana I want to grant access to all http methods (GET, POST, DELETE), however for user logger (which will post log/metric events) I want to grant only POST method.
I know, it is possible to configure it like that:
server {
listen 80;
server_name logger.domain.com;
location / {
proxy_pass http://localhost:9200;
proxy_redirect off;
auth_basic "secured site tools";
auth_basic_user_file /var/www/example/.htpasswd_logger;
add_header Allow "POST" always;
if ( $request_method !~ ^(POST)$ ) {
return 405;
}
}
}
server {
listen 80;
server_name kibana.domain.com;
location / {
proxy_pass http://localhost:9200;
proxy_redirect off;
auth_basic "secured site tools";
auth_basic_user_file /var/www/example/.htpasswd_kibana;
}
}
BUT I want to have a single entry point elastic.domain.com with differently configured method rules for different users. Is it possible?
Or can anyone suggest different FREE tool with X-Pack security functionality?
elasticsearch nginx basic-authentication edited Nov 11 at 10:46
Pavel Voronin
7,25453884
asked Nov 11 at 10:05
Sergey Shulik
678824
add a comment |
up vote
1
down vote
favorite
Issue:
I need to configure Elasticsearch/Kibana basic authorization with basic license. But I need to do this:
For user kibana I want to grant access to all http methods (GET, POST, DELETE), however for user logger (which will post log/metric events) I want to grant only POST method.
I know, it is possible to configure it like that:
server {
listen 80;
server_name logger.domain.com;
location / {
proxy_pass http://localhost:9200;
proxy_redirect off;
auth_basic "secured site tools";
auth_basic_user_file /var/www/example/.htpasswd_logger;
add_header Allow "POST" always;
if ( $request_method !~ ^(POST)$ ) {
return 405;
}
}
}
server {
listen 80;
server_name kibana.domain.com;
location / {
proxy_pass http://localhost:9200;
proxy_redirect off;
auth_basic "secured site tools";
auth_basic_user_file /var/www/example/.htpasswd_kibana;
}
}
BUT I want to have a single entry point elastic.domain.com with differently configured method rules for different users. Is it possible?
Or can anyone suggest different FREE tool with X-Pack security functionality?
elasticsearch nginx basic-authentication edited Nov 11 at 10:46
Pavel Voronin
7,25453884
asked Nov 11 at 10:05
Sergey Shulik
678824
add a comment |
up vote
1
down vote
favorite
up vote
1
down vote
favorite
Issue:
I need to configure Elasticsearch/Kibana basic authorization with basic license. But I need to do this:
For user kibana I want to grant access to all http methods (GET, POST, DELETE), however for user logger (which will post log/metric events) I want to grant only POST method.
I know, it is possible to configure it like that:
server {
listen 80;
server_name logger.domain.com;
location / {
proxy_pass http://localhost:9200;
proxy_redirect off;
auth_basic "secured site tools";
auth_basic_user_file /var/www/example/.htpasswd_logger;
add_header Allow "POST" always;
if ( $request_method !~ ^(POST)$ ) {
return 405;
}
}
}
server {
listen 80;
server_name kibana.domain.com;
location / {
proxy_pass http://localhost:9200;
proxy_redirect off;
auth_basic "secured site tools";
auth_basic_user_file /var/www/example/.htpasswd_kibana;
}
}
BUT I want to have a single entry point elastic.domain.com with differently configured method rules for different users. Is it possible?
Or can anyone suggest different FREE tool with X-Pack security functionality?
elasticsearch nginx basic-authentication edited Nov 11 at 10:46
Pavel Voronin
7,25453884
asked Nov 11 at 10:05
Sergey Shulik
678824
Issue:
I need to configure Elasticsearch/Kibana basic authorization with basic license. But I need to do this:
For user kibana I want to grant access to all http methods (GET, POST, DELETE), however for user logger (which will post log/metric events) I want to grant only POST method.
I know, it is possible to configure it like that:
server {
listen 80;
server_name logger.domain.com;
location / {
proxy_pass http://localhost:9200;
proxy_redirect off;
auth_basic "secured site tools";
auth_basic_user_file /var/www/example/.htpasswd_logger;
add_header Allow "POST" always;
if ( $request_method !~ ^(POST)$ ) {
return 405;
}
}
}
server {
listen 80;
server_name kibana.domain.com;
location / {
proxy_pass http://localhost:9200;
proxy_redirect off;
auth_basic "secured site tools";
auth_basic_user_file /var/www/example/.htpasswd_kibana;
}
}
BUT I want to have a single entry point elastic.domain.com with differently configured method rules for different users. Is it possible?
Or can anyone suggest different FREE tool with X-Pack security functionality?
elasticsearch nginx basic-authentication elasticsearch nginx basic-authentication edited Nov 11 at 10:46
Pavel Voronin
7,25453884
asked Nov 11 at 10:05
Sergey Shulik
678824
edited Nov 11 at 10:46
Pavel Voronin
7,25453884
asked Nov 11 at 10:05
Sergey Shulik
678824
edited Nov 11 at 10:46
Pavel Voronin
7,25453884
edited Nov 11 at 10:46
Pavel Voronin
7,25453884
edited Nov 11 at 10:46
Pavel Voronin
7,25453884
7,25453884
asked Nov 11 at 10:05
Sergey Shulik
678824
asked Nov 11 at 10:05
Sergey Shulik
678824
asked Nov 11 at 10:05
Sergey Shulik
678824
678824
add a comment |
add a comment |
active
oldest
votes
active
oldest
votes
active
oldest
votes
active
oldest
votes
active
oldest
votes
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53247629%2felasticsearch-nginx-basic-authorithation-different-users-right-for-one-site%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
