Wazuh + NGINX - 502 Bad Gateway

1,723 views
Skip to first unread message

lucas.v...@gmail.com

unread,
Oct 5, 2017, 2:41:25 PM10/5/17
to Wazuh mailing list
Hello everyone, 

I've just installed NGINX in my Wazuh server for a SSL (self-signed) reverse proxy. Since my system is RPM-based distribution, I followed all steps here

However, after the authentication I'm getting a 502 Bad Gateway: 

Here is my NGINX configuration: 
------------------------------------------------------------------------------
server {
    listen 80;
    listen [::]:80;
    return 301 https://$host$request_uri;
}

server {
    listen 443 default_server;
    listen            [::]:443;
    ssl on;
    ssl_certificate /etc/pki/tls/certs/kibana-access.pem;
    ssl_certificate_key /etc/pki/tls/private/kibana-access.key;
    access_log            /var/log/nginx/nginx.access.log;
    error_log            /var/log/nginx/nginx.error.log;
    location / {
        auth_basic "Restricted";
        auth_basic_user_file /etc/nginx/conf.d/kibana.htpasswd;
        proxy_pass http://localshot:5601/;
    }
}
---------------------------------------------------------------
My kibana config: 

server.host: "localhost" (I also tried 0.0.0.0). 
----------------------------------------------------------------

Have you guys had some problem like this? 






Jose Luis Ruiz

unread,
Oct 5, 2017, 2:47:01 PM10/5/17
to Wazuh mailing list, lucas.v...@gmail.com
Hello Lucas


I see a typo in your http://localhost:5601, try to change it and restart nginx.



------------------------------------------------------------------------------
server {
    listen 80;
    listen [::]:80;
    return 301 https://$host$request_uri;
}

server {
    listen 443 default_server;
    listen            [::]:443;
    ssl on;
    ssl_certificate /etc/pki/tls/certs/kibana-access.pem;
    ssl_certificate_key /etc/pki/tls/private/kibana-access.key;
    access_log            /var/log/nginx/nginx.access.log;
    error_log            /var/log/nginx/nginx.error.log;
    location / {
        auth_basic "Restricted";
        auth_basic_user_file /etc/nginx/conf.d/kibana.htpasswd;
        proxy_pass http://localshot:5601/;
    }
}



I hope it helps.
Regards
————————
José Luis Ruiz.
Wazuh Inc.

--
You received this message because you are subscribed to the Google Groups "Wazuh mailing list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+un...@googlegroups.com.
To post to this group, send email to wa...@googlegroups.com.
Visit this group at https://groups.google.com/group/wazuh.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/af08d038-349a-4a14-be53-3d25251fadfa%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

lucas.v...@gmail.com

unread,
Oct 5, 2017, 2:58:14 PM10/5/17
to Wazuh mailing list
Thanks for the answer Jose Luiz. 

Actually, the config is localhost. 

Now I checked all config: 

"server {
    listen 80;
    listen [::]:80;
    return 301 https://$host$request_uri;
}

server {
    listen 443 default_server;
    listen            [::]:443;
    ssl on;
    ssl_certificate /etc/pki/tls/certs/kibana-access.pem;
    ssl_certificate_key /etc/pki/tls/private/kibana-access.key;
    access_log            /var/log/nginx/nginx.access.log;
    error_log            /var/log/nginx/nginx.error.log;
    location / {
        auth_basic "Restricted";
        auth_basic_user_file /etc/nginx/conf.d/kibana.htpasswd;
        proxy_pass http://localhost:5601/;
    }
}
"
Restarted the nginx, but still getting the 502 Bad Gateway error. 

Jose Luis Ruiz

unread,
Oct 5, 2017, 3:27:51 PM10/5/17
to Wazuh mailing list, lucas.v...@gmail.com

Hi Lucas,

Did you follow the guide step by step?

https://documentation.wazuh.com/current/installation-guide/optional-configurations/kibana_ssl.html#kibana-ssl

What OS are you using? Debian, Ubuntu, RedHat, etc…

Can you verify that kibana is running and in the port 5601?

ps axu | grep kibana

netstat -tuna | grep 5601

If the previous two commands works, can you attach the file /etc/kibana/kibana.yml and also the logs from Nginx in order to have a little more infomation?

thanks!

Regards
————————
José Luis Ruiz.
Wazuh Inc.


--
You received this message because you are subscribed to the Google Groups "Wazuh mailing list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+un...@googlegroups.com.
To post to this group, send email to wa...@googlegroups.com.
Visit this group at https://groups.google.com/group/wazuh.

lucas.v...@gmail.com

unread,
Oct 5, 2017, 5:30:30 PM10/5/17
to Wazuh mailing list
Jose, 

Actually, I didn't realize that my SELINUX was enabled. So, I just follow the step: "Allow NGINX to connect to Kibana port if you’re using SELinux:
$ semanage port -a -t http_port_t -p tcp 5601" and everything worked fine. 

Thank you for your help. 
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+unsubscribe@googlegroups.com.
Reply all
Reply to author
Forward
0 new messages