ELK
Overview
ELK (Elasticsearch, Logstash, Kibana) originally had no built-in auth; Kibana was open to anyone with the URL. X-Pack adds auth but advanced features (OAuth, OIDC, LDAP, SAML) are paid. casdoor/elk-auth-casdoor is a free, open-source reverse proxy that puts Casdoor (OAuth 2.0/OIDC) in front of the ELK/Kibana stack. Unauthenticated users are redirected to Casdoor; after sign-in, requests are forwarded to Kibana. Intercepted requests (including POST) are cached and replayed after login so users do not lose form data.
How to run
-
Install Go.
-
Clone casdoor/elk-auth-casdoor.
-
In Casdoor, register the proxy as an application and note Client ID, Client Secret, application name, and organization.
-
Edit the configuration.
O arquivo de configuração está localizado em "conf/app.conf". Aqui está um exemplo, que você deve personalizar com base em suas necessidades específicas.
appname = .
# port on which the reverse proxy shall be run
httpport = 8080
runmode = dev
# EDIT IT IF NECESSARY. The URL of this reverse proxy.
pluginEndpoint = "http://localhost:8080"
# EDIT IT IF NECESSARY. The URL of the Kibana.
targetEndpoint = "http://localhost:5601"
# EDIT IT. The URL of Casdoor.
casdoorEndpoint = "http://localhost:8000"
# EDIT IT. The clientID of your reverse proxy in Casdoor.
clientID = ceb6eb261ab20174548d
# EDIT IT. The clientSecret of your reverse proxy in Casdoor.
clientSecret = af928f0ef1abc1b1195ca58e0e609e9001e134f4
# EDIT IT. The application name of your reverse proxy in Casdoor.
appName = ELKProxy
# EDIT IT. The organization to which your reverse proxy belongs in Casdoor.
organization = built-in -
Visit
http://localhost:8080(in the above example) and log in following the redirection guidance. Você deve então ver o Kibana protegido e autenticado pelo Casdoor. -
Se tudo funcionar bem, não se esqueça de bloquear o acesso externo à porta original do Kibana configurando seu firewall (ou outro método). Isso garante que pessoas de fora só possam acessar o Kibana através deste proxy reverso.