
ELK

Overview

ELK (Elasticsearch, Logstash, Kibana) originally had no built-in auth; Kibana was open to anyone with the URL. X-Pack adds auth but advanced features (OAuth, OIDC, LDAP, SAML) are paid. casdoor/elk-auth-casdoor is a free, open-source reverse proxy that puts Casdoor (OAuth 2.0/OIDC) in front of the ELK/Kibana stack. Unauthenticated users are redirected to Casdoor; after sign-in, requests are forwarded to Kibana. Intercepted requests (including POST) are cached and replayed after login so users do not lose form data.

How to run

  1. Install Go.

  2. Clone casdoor/elk-auth-casdoor.

  3. In Casdoor, register the proxy as an application and note Client ID, Client Secret, application name, and organization.

  4. Edit the configuration.

    The configuration file is located at "conf/app.conf". Here is an example, which you should adapt to your specific needs.

    appname = .
    # port on which the reverse proxy shall be run
    httpport = 8080
    runmode = dev
    # EDIT IT IF NECESSARY. The URL of this reverse proxy.
    pluginEndpoint = "http://localhost:8080"
    # EDIT IT IF NECESSARY. The URL of the Kibana.
    targetEndpoint = "http://localhost:5601"
    # EDIT IT. The URL of Casdoor.
    casdoorEndpoint = "http://localhost:8000"
    # EDIT IT. The clientID of your reverse proxy in Casdoor.
    clientID = ceb6eb261ab20174548d
    # EDIT IT. The clientSecret of your reverse proxy in Casdoor.
    clientSecret = af928f0ef1abc1b1195ca58e0e609e9001e134f4
    # EDIT IT. The application name of your reverse proxy in Casdoor.
    appName = ELKProxy
    # EDIT IT. The organization to which your reverse proxy belongs in Casdoor.
    organization = built-in

  5. Visit http://localhost:8080 (in the above example) and log in following the redirection guidance. You should then see Kibana, protected and authenticated by Casdoor.

  6. If everything works, do not forget to block external access to the original Kibana port by configuring your firewall (or another method). This ensures that outsiders can reach Kibana only through this reverse proxy.
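
The following is an added example, not code from casdoor/elk-auth-casdoor: a small Go check that reads the `conf/app.conf` format shown in step 4 and flags settings to fix before the proxy is exposed, including the step 6 case where Kibana sits on a network address. The function names, the finding texts and the hostnames in the constructed sample are assumptions made for this illustration.

```go
package main

import (
	"fmt"
	"net"
	"net/url"
	"strings"
)

// Constructed sample: the page's example config with made-up non-local hosts.
const sampleConf = `pluginEndpoint = "http://elk.example.internal:8080"
targetEndpoint = "http://10.0.0.5:5601"
casdoorEndpoint = "https://sso.example.internal"
clientID = ceb6eb261ab20174548d
clientSecret = af928f0ef1abc1b1195ca58e0e609e9001e134f4`

// parseConf reads "key = value" lines, skipping # comments and blank lines.
func parseConf(text string) map[string]string {
	conf := map[string]string{}
	for _, line := range strings.Split(text, "\n") {
		if k, v, ok := strings.Cut(strings.TrimSpace(line), "="); ok && !strings.HasPrefix(k, "#") {
			conf[strings.TrimSpace(k)] = strings.Trim(strings.TrimSpace(v), `"`)
		}
	}
	return conf
}

func isLoopback(host string) bool { return host == "localhost" || net.ParseIP(host).IsLoopback() }

// auditConf returns one finding per setting to fix before exposing the proxy.
func auditConf(conf map[string]string) []string {
	var out []string
	if conf["clientID"] == "ceb6eb261ab20174548d" || conf["clientSecret"] == "af928f0ef1abc1b1195ca58e0e609e9001e134f4" {
		out = append(out, "clientID/clientSecret: documentation sample value still in use")
	}
	for _, key := range []string{"pluginEndpoint", "casdoorEndpoint", "targetEndpoint"} {
		u, err := url.Parse(conf[key])
		if err != nil || u.Hostname() == "" {
			out = append(out, key+": missing or not an absolute URL")
		} else if key == "targetEndpoint" && !isLoopback(u.Hostname()) {
			out = append(out, key+": Kibana is on a network address; firewall its port to the proxy host only")
		} else if u.Scheme == "http" && !isLoopback(u.Hostname()) {
			out = append(out, key+": plain HTTP to a non-local host")
		}
	}
	return out
}

func main() { fmt.Println(strings.Join(auditConf(parseConf(sampleConf)), "\n")) }
```

A loopback `targetEndpoint` does not by itself prove Kibana is bound only to loopback, so the firewall rule from step 6 should still be verified from another host.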