无法代理将AWS Kibana传递给nginx

时间:2017-09-15 13:36:24

标签: amazon-web-services nginx kibana-4

我正在使用AWS kibana来搜索和查看Logstash已编入索引的日志。现在我正在使用AWS的默认URL,仅限于我的IP地址。我需要通过nginx proxy_pass它,我试着遵循这个文档:https://sysadmins.co.za/aws-access-kibana-5-behind-elb-via-nginx-reverse-proxy-on-custom-dns/

但是kibana没有加载。我收到以下错误:

Kibana: Not Found
Error: Not Found
    at respond (http://IP/index.js?_b=7562:85344:15)
    at checkRespForFailure (http://IP/index.js?_b=7562:85312:7)
    at http://IP/index.js?_b=7562:83950:7
    at wrappedErrback (http://IP/index.js?_b=7562:20902:78)
    at wrappedErrback (http://IP/index.js?_b=7562:20902:78)
    at wrappedErrback (http://IP/index.js?_b=7562:20902:78)
    at http://IP/index.js?_b=7562:21035:76
    at Scope.$eval (http://IP/index.js?_b=7562:22022:28)
    at Scope.$digest (http://IP/index.js?_b=7562:21834:31)
    at Scope.$apply (http://IP/index.js?_b=7562:22126:24)

添加Nignx conf:

    server {
      listen 80 default_server;
      listen [::]:80 default_server ipv6only=on;
      server_name kibana.mydomain.com;

      # for elb health checks
      location /status {
        root /usr/share/nginx/html/ ;
      }

      location / {
        proxy_set_header Host search-aws-es.eu-west-1.es.amazonaws.com;
        proxy_set_header X-Real-IP <public-ip-for-instance>;

        proxy_http_version 1.1;
        proxy_set_header Connection "Keep-Alive";
        proxy_set_header Proxy-Connection "Keep-Alive";
        proxy_set_header Authorization "";

        proxy_pass https://search-aws-es.eu-west-1.es.amazonaws.com/_plugin/kibana/;
        proxy_redirect https://search-aws-es.eu-west-1.es.amazonaws.com/_plugin/kibana/ http://<public-ip-for-instance>/kibana/;
      }

      location ~ (/app/kibana|/app/timelion|/bundles|/es_admin|/plugins|/api|/ui|/elasticsearch) {
         proxy_pass              http://search-aws-es.eu-west-1.es.amazonaws.com;
         proxy_set_header        Host $host;
         proxy_set_header        X-Real-IP $remote_addr;
         proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header        X-Forwarded-Proto $scheme;
         proxy_set_header        X-Forwarded-Host $http_host;
    }
  }
}

2 个答案:

答案 0 :(得分:0)

在您的最后一个位置块上,添加/ _plugin / kibana,为我修复了该问题。

我的工作设置(使用基于VPC的ES,但是只要您在ES访问策略中授权代理的IP,就不会有太大变化)

server {
  listen       80;
  server_name  kibana.mydomain.com

  location / {
    proxy_http_version 1.1;
    # proxy_set_header Host https://asdfadsfasdfasdf.regionxxx.es.amazonaws.com;
    proxy_set_header Connection "Keep-Alive";
    proxy_set_header Proxy-Connection "Keep-Alive";
    proxy_set_header Authorization "";
    proxy_pass              https://asdfadsfasdfasdf.regionxxx.es.amazonaws.com/_plugin/kibana/;
  }

  location ~ (/_plugin/kibana|/app/kibana|/app/timelion|/bundles|/es_admin|/plugins|/api|/ui|/elasticsearch) {
    proxy_pass              https://asdfadsfasdfasdf.regionxxx.es.amazonaws.com;
    proxy_set_header        Host $host;
    proxy_set_header        X-Real-IP $remote_addr;
    proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header        X-Forwarded-Proto $scheme;
    proxy_set_header        X-Forwarded-Host $http_host;
    proxy_set_header        Authorization  "";
  }
}

答案 1 :(得分:-2)

这不能直接回答您的问题,但可能会解决您的问题:

您可以使用代理服务器作为服务:

https://www.iamproxy.com/

要使用它,您需要创建一个AWS用户并将其授权给elasticsearch,如下所示:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": [
          "arn:aws:iam::12345678:user/es-user"
        ]
      },
      "Action": "es:*",
      "Resource": "arn:aws:es:eu-central-1:557594345551:domain/your_es_domain/*"
    }
  ]
}

然后在此页面上创建一个帐户,并在那里输入您的IAM用户凭据。

缺点是您必须信任一个对弹性搜索具有读取权限的随机网站。但它避免了运行代理服务器的麻烦。

完全披露:我是iamproxy.com的创建者。

相关问题
最新问题