Error: UnknownHostException[No trusted proxies] at respond (https://127.0.0.1:9506/index.js?_b=5930:81566:15) at checkRespForFailure (https://127.0.0.1:9506/index.js?_b=5930:81534:7) at https://127.0.0.1:9506/index.js?_b=5930:80203:7 at wrappedErrback (https://127.0.0.1:9506/index.js?_b=5930:20882:78) at wrappedErrback (https://127.0.0.1:9506/index.js?_b=5930:20882:78) at wrappedErrback (https://127.0.0.1:9506/index.js?_b=5930:20882:78) at https://127.0.0.1:9506/index.js?_b=5930:21015:76 at Scope.$eval (https://127.0.0.1:9506/index.js?_b=5930:22002:28) at Scope.$digest (https://127.0.0.1:9506/index.js?_b=5930:21814:31) at Scope.$apply (https://127.0.0.1:9506/index.js?_b=5930:22106:24)
I'm really confused by the proxy settings. If I try to disable XFF (X-Forwarded-For) handling like this:
# First variant tried: header set to null, the other two X-Forwarded-For settings commented out.
# NOTE(review): the error quoted right after this snippet ("No trusted proxies") suggests the
# header check still ran; whether `null` is read as "unset" here is not shown, so confirm
# against the plugin documentation.
# NOTE(review): with XFF handling off behind a proxy, the plugin would presumably see the
# proxy's address as the client for every request, which matters for address-based rules
# and for the audit log.
searchguard.http.xforwardedfor.header: null
#searchguard.http.xforwardedfor.trustedproxies: null
#searchguard.http.xforwardedfor.enforce: true
I get this exception: {"error":"UnknownHostException[No trusted proxies]","status":500}
I also tested other options:
# Second variant tried: header named, three trusted proxy addresses, enforcement off.
# NOTE(review): with enforce: false, requests that arrive without the header are presumably
# still accepted, so the Elasticsearch HTTP port should be reachable only from the proxy.
# Confirm the behaviour and restrict the port accordingly.
searchguard.http.xforwardedfor.header: X-Forwarded-For
searchguard.http.xforwardedfor.trustedproxies: ["10.0.0.171","10.0.0.172","10.0.0.173"]
searchguard.http.xforwardedfor.enforce: false
With these options the result is always the same: {"error":"UnknownHostException[Not all proxies are trusted]","status":500}
Logical scheme:
Client request from browser->proxy_nginx1(10.0.0.172:80)->ES(10.0.0.171:9200).
Definitions:
elastic.somedomain.com=proxy_nginx1=10.0.0.172
My configs:
Kibana config.js:
...
// NOTE(review): the server URL is plain http:// on port 80 with withCredentials: true, so
// credentialed browser requests reach the proxy unencrypted unless TLS is terminated
// somewhere not shown here. Confirm, and prefer an https:// endpoint.
elasticsearch: {server: "http://elastic.somedomain.com:80", withCredentials: true},
...
_config_end
ElasticSearch config:
# Search Guard section of the Elasticsearch configuration, as pasted in the post.
searchguard.enabled: true
searchguard.key_path: /usr/share/elasticsearch/plugins/search-guard/
searchguard.rewrite_get_as_search: true
searchguard.config_index_name: searchguard
searchguard.auditlog.enabled: true
searchguard.check_for_root: true
searchguard.allow_all_from_loopback: false
# X-Forwarded-For handling. A host listed in trustedproxies is believed when it reports the
# client address, so the list should hold only proxies that set or overwrite the header
# themselves.
# NOTE(review): per the topology in the post, 10.0.0.171 is the Elasticsearch node and
# 10.0.0.172 is the nginx proxy; 10.0.0.173 is not described. Confirm that every entry is
# really a proxy in front of this node.
# NOTE(review): the nginx configuration is not shown. If it appends to a client-supplied
# X-Forwarded-For instead of replacing it, part of the chain is client-controlled. Verify.
# NOTE(review): xforwardedfor.enforce is not set in this block; the default is not shown here.
searchguard.http.xforwardedfor.header: X-Forwarded-For
searchguard.http.xforwardedfor.trustedproxies: ["10.0.0.171","10.0.0.172","10.0.0.173"]
# LDAP is used both for authentication and for role lookup.
searchguard.authentication.authentication_backend.impl: com.floragunn.searchguard.authentication.backend.ldap.LDAPAuthenticationBackend
searchguard.authentication.authorizer.impl: com.floragunn.searchguard.authorization.ldap.LDAPAuthorizator
# NOTE(review): port 636 is conventionally LDAPS (TLS from connect), while StartTLS upgrades
# a plain connection. Both flags are enabled below and they are normally alternatives, so
# confirm which one the plugin actually applies.
searchguard.authentication.ldap.host: ["ldap.somedomain.com:636"]
searchguard.authentication.ldap.ldaps.ssl.enabled: true
searchguard.authentication.ldap.ldaps.starttls.enabled: true
searchguard.authentication.ldap.ldaps.truststore_type: JKS
searchguard.authentication.ldap.ldaps.truststore_filepath: /etc/elasticsearch/logs_master.jks
# The truststore password and the bind password below sit in clear text in this file
# (values redacted in the post); keep the file readable only by the Elasticsearch
# service account.
searchguard.authentication.ldap.ldaps.truststore_password: XXXXXX
# Bind account used for directory lookups. Presumably read-only, going by its name; verify
# that it has no write permissions in the directory.
searchguard.authentication.ldap.bind_dn: cn=readuser,dc=somedomain,dc=com
searchguard.authentication.ldap.password: XXXXXYYYYZZZZ
searchguard.authentication.ldap.userbase: "ou=people,dc=somedomain,dc=com"
# {0} is presumably replaced with the login name (user search) or the user entry
# (role search); TODO confirm.
searchguard.authentication.ldap.usersearch: (uid={0})
searchguard.authentication.ldap.username_attribute: uid
searchguard.authentication.authorization.ldap.rolebase: "ou=groups,dc=somedomain,dc=com"
searchguard.authentication.authorization.ldap.rolesearch: (member={0})
searchguard.authentication.authorization.ldap.userroleattribute: memberuid
searchguard.authentication.authorization.ldap.userrolename: memberOf
searchguard.authentication.authorization.ldap.rolename: cn
searchguard.authentication.authorization.ldap.resolve_nested_roles: true
# Action filter "readonly": the filter that the ACL rules can execute or bypass per role.
searchguard.actionrequestfilter.names: ["readonly"]
# NOTE(review): the allowed_actions list below is never closed; the line looks truncated
# in the paste, so the full set of allowed actions cannot be reviewed from here.
searchguard.actionrequestfilter.readonly.allowed_actions: ["indices:data/read/*",
searchguard.actionrequestfilter.readonly.forbidden_actions: ["cluster:admin*", "indices:data/write*"]
My ACL rules:
{
"acl": [
{
"__Comment__": "By default no filters are executed and no filters are bypassed. In such a case an exception is thrown and access will be denied.",
"filters_bypass": [],
"filters_execute": []
},
{
"__Comment__": "For elastic_admin role all filters are bypassed (so none will be executed) for all indices. This means unrestricted access at all for this role.",
"roles": ["elastic_admin"],
"indices": ["*"],
"filters_bypass": ["*"],
"filters_execute": []
},
{
"__Comment__": "For authenticated users with role 'elastic_user' who access the index '.kibana' and 'logstash-*' for this access filter readonly will be executed.",
"roles": ["elastic_user"],
"indices": ["*kibana*","logstash*"],
"filters_bypass": [],
"filters_execute": ["*"]
},
{
"__Comment__": "For authenticated user with role 'elastic_kibana' who access the index '.kibana' and 'logstash-*' for this access all filters are bypassed (so none will be executed).",
"roles": ["elastic_kibana"],
"indices": ["*kibana*","logstash*"],
"filters_bypass": ["*"],
"filters_execute": []
},
{
"__Comment__": "For authenticated user with role 'elastic_fluentd' who access the index 'logstash-*' for this access all filters are bypassed (so none will be executed).",
"roles": ["elastic_fluentd"],
"indices": ["logstash*"],
"filters_bypass": ["*"],
"filters_execute": []
}
]
}
Thanks for any kind assistance.