ELK
Overview
ELK (Elasticsearch, Logstash, Kibana) originally had no built-in auth; Kibana was open to anyone with the URL. X-Pack adds auth but advanced features (OAuth, OIDC, LDAP, SAML) are paid. casdoor/elk-auth-casdoor is a free, open-source reverse proxy that puts Casdoor (OAuth 2.0/OIDC) in front of the ELK/Kibana stack. Unauthenticated users are redirected to Casdoor; after sign-in, requests are forwarded to Kibana. Intercepted requests (including POST) are cached and replayed after login so users do not lose form data.
How to run
-
Install Go.
-
Clone casdoor/elk-auth-casdoor.
-
In Casdoor, register the proxy as an application and note Client ID, Client Secret, application name, and organization.
-
Edit the configuration.
Le fichier de configuration se trouve à "conf/app.conf". Voici un exemple, que vous devriez personnaliser en fonction de vos besoins spécifiques.
appname = .
# port on which the reverse proxy shall be run
httpport = 8080
runmode = dev
# EDIT IT IF NECESSARY. The URL of this reverse proxy.
pluginEndpoint = "http://localhost:8080"
# EDIT IT IF NECESSARY. The URL of the Kibana.
targetEndpoint = "http://localhost:5601"
# EDIT IT. The URL of Casdoor.
casdoorEndpoint = "http://localhost:8000"
# EDIT IT. The clientID of your reverse proxy in Casdoor.
clientID = ceb6eb261ab20174548d
# EDIT IT. The clientSecret of your reverse proxy in Casdoor.
clientSecret = af928f0ef1abc1b1195ca58e0e609e9001e134f4
# EDIT IT. The application name of your reverse proxy in Casdoor.
appName = ELKProxy
# EDIT IT. The organization to which your reverse proxy belongs in Casdoor.
organization = built-in -
Visit
http://localhost:8080(in the above example) and log in following the redirection guidance. Vous devriez alors voir Kibana protégé et authentifié par Casdoor. -
Si tout fonctionne bien, n'oubliez pas de bloquer l'accès externe au port Kibana original en configurant votre pare-feu (ou une autre méthode). Cela garantit que les étrangers ne peuvent accéder à Kibana que via ce proxy inverse.