Nginx reverse proxy with Wazuh - 502 bad gateway


Jorge Silva

Oct 7, 2022, 11:00:30 AM
to Wazuh mailing list
Hello everyone,

I'm exploring the possibility of having Nginx working as a reverse proxy for Wazuh in order to add an 'extra layer' of authentication, since my Wazuh will be living on the internet (and not on a local network).

In order to achieve this I started by changing /etc/kibana/kibana.yml:
From
server.host: 0.0.0.0
server.port: 443
To
server.host: localhost
server.port: 5601

Then I updated my Nginx conf with:

server {
    listen 80 default_server;
    listen [::]:80 default_server;

    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name x-y-z-w.ip.linodeusercontent.com;

    auth_basic "Restricted Access";
    auth_basic_user_file /etc/nginx/htpasswd.users;

    ssl_certificate /etc/letsencrypt/live/x-y-z-w.ip.linodeusercontent.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/x-y-z-w.ip.linodeusercontent.com/privkey.pem;

    location / {
        proxy_pass http://x-y-z-w.ip.linodeusercontent.com:5601;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }

}

Then I restarted Kibana and Nginx.
(Note: the /etc/nginx/htpasswd.users was already generated)

When I try to access my Wazuh interface - https://x-y-z-w.ip.linodeusercontent.com - I promptly get asked for a user and password - from the Nginx setup for 'restrict access' - and after entering the credentials I get a '502 bad gateway'.


From nginx error.log I got:

2022/10/06 13:16:24 [error] 20386#20386: *44 connect() failed (111: Connection refused) while connecting to upstream, client: 123.456.789.123, server: x-y-z-w.ip.linodeusercontent.com, request: "GET / HTTP/1.1", upstream: "http://x.y.z.w:5601/", host: "x-y-z-w.ip.linodeusercontent.com"
2022/10/06 13:16:24 [error] 20386#20386: *44 connect() failed (111: Connection refused) while connecting to upstream, client: 123.456.789.123 server: x-y-z-w.ip.linodeusercontent.com, request: "GET /favicon.ico HTTP/1.1", upstream: "http://x.y.z.w:5601/favicon.ico", host: "x-y-z-w.ip.linodeusercontent.com", referrer: "https://x-y-z-w.ip.linodeusercontent.com/"

I have been trying to play around with some different confs but I always end up at exactly the same point (maybe I'm starting to get burned out).

If anyone can help me/give any tips/point me in the right direction, it would be deeply appreciated!


Regards!

Carlos Ezequiel Bordon

Oct 12, 2022, 10:50:57 AM
to Wazuh mailing list
Hi Jorge, how are you? Here are the Nginx and Kibana configurations with which I achieved the setup you need:
cat /etc/nginx/conf.d/example.conf
upstream wazuh {
 # Assumed: the server line is missing from the posted text; this is the
 # Kibana address and port from the Kibana config further down
 server 192.168.56.254:5601;
}

server {
 listen 80 default_server;
 listen [::]:80 default_server;

 server_name wazuh.example.com;
 location / {
  return 301 https://$host$request_uri;
 }
}

server {
 # the ssl parameter must be lowercase and present on both listeners
 listen 443 ssl;
 listen [::]:443 ssl;

 server_name wazuh.example.com;
 include snippets/self-signed.conf;
 location / {
  proxy_pass https://wazuh;
 }
}

Kibana config:
server.host: 192.168.56.254  # IP of your server
server.port: 5601

I had to make an additional configuration because I had SELinux activated on my test server; validate that this does not generate any kind of problem.

[Attached image: Screenshot_20221012_112647.png]

Jorge Silva

Oct 13, 2022, 7:36:42 AM
to Carlos Ezequiel Bordon, Wazuh mailing list
Hi Carlos,

Thank you so much for your feedback! I deeply appreciate it!

Based on your example I was able to fix my settings and managed to set up nginx as a reverse proxy!

Thank you once again!

All the best!
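
An added example, not part of any post in this thread: a small check that compares the address Kibana binds to (kibana.yml) with the address nginx connects to (proxy_pass). It reports the mismatch behind the "connect() failed (111: Connection refused)" log lines above, and also flags a non-loopback bind, which leaves port 5601 reachable without the auth_basic layer unless a firewall blocks it. The function names are hypothetical, the sample strings are constructed from the settings quoted in the thread, and named upstream blocks are not resolved (only literal proxy_pass targets).

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed samples taken from the settings quoted in the thread.
KIBANA_YML = "server.host: localhost\nserver.port: 5601\n"
NGINX_CONF = "location / {\n    proxy_pass http://x-y-z-w.ip.linodeusercontent.com:5601;\n}\n"

def parse_ip(host):
    """Parse an IP literal; return None for hostnames."""
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        return None

def is_loopback(host):
    # Hostnames other than 'localhost' are not resolved and count as non-loopback.
    ip = parse_ip(host)
    return host == "localhost" or (ip is not None and ip.is_loopback)

def kibana_bind(kibana_yml):
    """Return (server.host, server.port), falling back to Kibana's defaults."""
    host, port = "localhost", 5601
    pattern = r"^\s*server\.(host|port)\s*:\s*[\"']?([^\"'#\s]+)"
    for key, value in re.findall(pattern, kibana_yml, re.M):
        if key == "host":
            host = value
        else:
            port = int(value)
    return host, port

def check(kibana_yml, nginx_conf):
    """Compare Kibana's listener with each literal proxy_pass target."""
    host, port = kibana_bind(kibana_yml)
    bind_ip = parse_ip(host)
    wildcard = bind_ip is not None and bind_ip.is_unspecified
    findings = []
    for url in re.findall(r"^\s*proxy_pass\s+(\S+?);", nginx_conf, re.M):
        up = urlsplit(url)
        up_port = up.port or (443 if up.scheme == "https" else 80)
        if up_port != port:
            findings.append(f"refused: {url} targets port {up_port}, Kibana listens on {port}")
        elif not wildcard and is_loopback(host) != is_loopback(up.hostname):
            findings.append(f"refused: Kibana binds {host}, nginx connects to {up.hostname}")
    if not is_loopback(host):
        findings.append(f"exposed: {host}:{port} is reachable directly unless firewalled")
    return findings

if __name__ == "__main__":
    print(check(KIBANA_YML, NGINX_CONF))
```

With Kibana on localhost and `proxy_pass http://127.0.0.1:5601;` the check returns no findings, which keeps nginx as the only path to the dashboard.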
