ELK
Overview
ELK (Elasticsearch, Logstash, Kibana) originally had no built-in auth; Kibana was open to anyone with the URL. X-Pack adds auth but advanced features (OAuth, OIDC, LDAP, SAML) are paid. casdoor/elk-auth-casdoor is a free, open-source reverse proxy that puts Casdoor (OAuth 2.0/OIDC) in front of the ELK/Kibana stack. Unauthenticated users are redirected to Casdoor; after sign-in, requests are forwarded to Kibana. Intercepted requests (including POST) are cached and replayed after login so users do not lose form data.
How to run
-
Install Go.
-
Clone casdoor/elk-auth-casdoor.
-
In Casdoor, register the proxy as an application and note Client ID, Client Secret, application name, and organization.
-
Edit the configuration.
Файл конфігурації розташований у "conf/app.conf". Ос�ь приклад, який ви повинні налаштувати відповідно до ваших конкретних потреб.
appname = .
# port on which the reverse proxy shall be run
httpport = 8080
runmode = dev
# EDIT IT IF NECESSARY. The URL of this reverse proxy.
pluginEndpoint = "http://localhost:8080"
# EDIT IT IF NECESSARY. The URL of the Kibana.
targetEndpoint = "http://localhost:5601"
# EDIT IT. The URL of Casdoor.
casdoorEndpoint = "http://localhost:8000"
# EDIT IT. The clientID of your reverse proxy in Casdoor.
clientID = ceb6eb261ab20174548d
# EDIT IT. The clientSecret of your reverse proxy in Casdoor.
clientSecret = af928f0ef1abc1b1195ca58e0e609e9001e134f4
# EDIT IT. The application name of your reverse proxy in Casdoor.
appName = ELKProxy
# EDIT IT. The organization to which your reverse proxy belongs in Casdoor.
organization = built-in -
Visit
http://localhost:8080(in the above example) and log in following the redirection guidance. Після цього ви повинні побачити Kibana, захищену та аутентифіковану через Casdoor. -
Якщо все працює добре, не забудьте заблокувати зовнішній доступ до оригінального порту Kibana, налаштувавши ваш брандмауер (або інший метод). Це забезпечує, що сторонні можуть отримати доступ до Kibana тільки через цей зворотній проксі.