ELK
Overview
ELK (Elasticsearch, Logstash, Kibana) originally had no built-in auth; Kibana was open to anyone with the URL. X-Pack adds auth but advanced features (OAuth, OIDC, LDAP, SAML) are paid. casdoor/elk-auth-casdoor is a free, open-source reverse proxy that puts Casdoor (OAuth 2.0/OIDC) in front of the ELK/Kibana stack. Unauthenticated users are redirected to Casdoor; after sign-in, requests are forwarded to Kibana. Intercepted requests (including POST) are cached and replayed after login so users do not lose form data.
How to run
-
Install Go.
-
Clone casdoor/elk-auth-casdoor.
-
In Casdoor, register the proxy as an application and note Client ID, Client Secret, application name, and organization.
-
Edit the configuration.
El archivo de configuración se encuentra en "conf/app.conf". Aquí hay un ejemplo, que debe personalizar según sus necesidades específicas.
appname = .
# port on which the reverse proxy shall be run
httpport = 8080
runmode = dev
# EDIT IT IF NECESSARY. The URL of this reverse proxy.
pluginEndpoint = "http://localhost:8080"
# EDIT IT IF NECESSARY. The URL of the Kibana.
targetEndpoint = "http://localhost:5601"
# EDIT IT. The URL of Casdoor.
casdoorEndpoint = "http://localhost:8000"
# EDIT IT. The clientID of your reverse proxy in Casdoor.
clientID = ceb6eb261ab20174548d
# EDIT IT. The clientSecret of your reverse proxy in Casdoor.
clientSecret = af928f0ef1abc1b1195ca58e0e609e9001e134f4
# EDIT IT. The application name of your reverse proxy in Casdoor.
appName = ELKProxy
# EDIT IT. The organization to which your reverse proxy belongs in Casdoor.
organization = built-in -
Visit
http://localhost:8080(in the above example) and log in following the redirection guidance. Entonces debería ver Kibana protegido y autenticado por Casdoor. -
Si todo funciona bien, no olvide bloquear el acceso externo al puerto original de Kibana configurando su firewall (u otro método). Esto asegura que los forasteros solo puedan acceder a Kibana a través de este proxy inverso.