Kibana 5.3.1 + wazuh-app 5.3.1 working behind NGINX

[mbar...@xmltravelgate.com]

Good morning,

I think I'm really to get it but I'm not able to get the key point. May be (I hope so) you can quickly help me.

I'm using Kibana 5.3.1 and I installed your plugin (./kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp-2.0_5.3.1.zip)

Great, I set up the wazuh-api and so far everything was working smoothly on localhost:5601.

After, I set up NGINX to protect and hide Kibana behind him, I used this settings:

host~$ sudo cat /etc/nginx/sites-available/default | grep -Ev '^.*#|^$'           

upstream kibana {

    server localhost:5601 fail_timeout=0;

}

server {

        listen 80 default_server;

        listen [::]:80 default_server;

        root /var/www/html;

        index index.html index.htm index.nginx-debian.html;

        server_name _;

        location / {

                try_files $uri $uri/ =404;

        }

        location /kibana/ {

                proxy_pass http://kibana/;

                satisfy any;

                proxy_set_header Host $host;

                proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;

        }

}

and I changed kibana-5.3.1-linux-x86_64/config/kibana.yml so:

[...TRUNCATED OUTPUT...]

server.host: 0.0.0.0

[...TRUNCATED OUTPUT...]

server.basePath: "/kibana"

[...TRUNCATED OUTPUT...]

Well, Kibana is still working on localhost/kibana but wazuh-app is getting me these errors:

Could you help me to figure out how to debug and fix this kind of error?

I'm not sure if this is important or not but when I change server.basePath and I restart Kibana I have to wait about 7 minutes to get it working back, I can see this log:

log   [09:17:59.941] [info][optimize] Optimization of bundles for wazuh, kibana, timelion and status_page complete in 400.84 seconds

As far as I'm concerned, this would be a Kibana regular behavior when you change its server.basePath. In fact, if I undo this change I get your wazuh-app working back.

Thanks a lot and kind regards

[Pedro Sanchez]

Hi,

Thanks for your feedback and detailed issue, let me try to help here.

Regarding to those 7 minutes to get it working, that is something normal in Kibana, is not related to Wazuh App, Kibana does something they call "optimize" (which is kind of compiling data) and it could take a while.

We are inspecting the error you are getting on the situation when you change basePath setting, I think we are not counting on that setting to do the requests to different services, we will improve it as soon as posible.

If your intention is to secure Kibana, that is something we do daily using Nginx same way than you, we usually do not need to modify the basePath, check below our typical Nginx configuration:

server {
      listen 80 default_server;                 #Listen on IPv4
      listen [::]:80;                                 #Listen on IPv6
      return 301 https://$host$request_uri;
}
server {
       listen 443 default_server;
       listen            [::]:443;
       ssl on;
       ssl_certificate /etc/pki/tls/certs/nginx.crt;
       ssl_certificate_key /etc/pki/tls/private/nginx.key;
       server_name           "Wazuh Nginx Proxy";
       access_log            /var/log/nginx/nginx.access.log;
       error_log            /var/log/nginx/nginx.error.log;
       location / {
               auth_basic "Restricted";
               auth_basic_user_file /etc/nginx/conf.d/nginx.htpasswd;
               proxy_pass http://kibana_host_ip:5601;
       }
       location /wazuh_api/ {
               proxy_pass http://wazuh_api_ip:55000/;
       }
}

The configuration will setup Nginx to listen to 80 and 443, redirecting HTTP to HTTPS, it will also set Basic HTTP Authentication.

Thanks again for the feedback, we will work and test the basePath use case.

Regards,

Pedro.

--
You received this message because you are subscribed to the Google Groups "Wazuh mailing list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+unsubscribe@googlegroups.com.
To post to this group, send email to wa...@googlegroups.com.
Visit this group at https://groups.google.com/group/wazuh.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/2c2346f0-7bfd-4b04-87da-6799b51d2bef%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[mbar...@xmltravelgate.com]

Good morning Pedro,

thanks a lot for your reply.

I had seen that information about how to secure Kibana + Wazuh App through HTTPS but we would rather to use location mechanism, We know that is not the better one but it's more than enough for us. Among another reasons because we are sharing this Nginx with another services.

We'll stay in tune to know whether you have some news about  how to use the way we have proposed.

Thanks and kind regards.

[Pedro Sanchez]

Hi Mbarbero,

I re-created your issue on your labs and I can confirm we have an issue we need to fix, I did open a issue in Github so we can track and fix this problem.

https://github.com/wazuh/wazuh-kibana-app/issues/17

Thanks for the feedback,

Pedro.

To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/4a78dbcd-668e-4e50-a6f3-4d18186f7a14%40googlegroups.com.

[mbar...@xmltravelgate.com]

Morning Pedro,

on the contray, thank you by taking in consideration this matter and for your time and effort to find a solution.

Let me know if I could help in some way.

What a pity you aren't in Mallorca, you'd have a paid beer ;-D

Kind regards.

[Pedro Sanchez]

You are really welcome! I will take note of that beer, I will ping you when I plan a travel to Mallorca haha :P

To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/06d5fb0a-0b09-4c09-aab9-f15ead588681%40googlegroups.com.