本配置實現Nginx認證登錄以免重要信息暴露在公網
日志收集ELK展示工具kibana免費版不支持密碼驗證,需要設置Nginx反向代理然后關閉kibana默認端口5601使用Nginx端口登錄進行用戶名及密碼認證
首先設置nginx反向代理kibana
nginx.conf
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
log_format access_log_json '{"user_ip":"$http_x_forwarded_for","lan_ip":"$remote_addr","log_time":"$time_iso8601","user_rqp":"$request","http_code":"$status","body_bytes_sent":"$body_bytes_sent","req_time":"$request_time","user_ua":"$http_user_agent"}';
sendfile on;
keepalive_timeout 65;
include conf.d/*.conf;
}
在文件夾conf.d下面新建兩個配置文件http-www.conf
server {
listen 81;
server_name localhost;
auth_basic "User Authentication";
auth_basic_user_file /opt/nginx/conf/conf.d/kibana.passwd;
access_log /data/logs/nginx/http-access.log access_log_json;
location / {
proxy_set_header Host $host;
proxy_set_header x-for $remote_addr;
proxy_set_header x-server $host;
proxy_set_header x-agent $http_user_agent;
proxy_pass http://kibana;
}
}
upstream.conf
upstream kibana {
server 127.0.0.1:5601;
}
使用密碼工具生產密碼文件
htpasswd -c kibana.passwd admin
用戶名為admin需要連續輸入兩遍密碼
如果沒有htpasswd命令使用以下命令安裝
yum install httpd-tools
生成的密碼文件用戶名是明文,密碼為加密格式
修改配置文件http-www.conf添加認證
server {
listen 81;
server_name localhost;
auth_basic "User Authentication";
auth_basic_user_file /opt/nginx/conf/conf.d/kibana.passwd;
access_log /data/logs/nginx/http-access.log access_log_json;
location / {
proxy_set_header Host $host;
proxy_set_header x-for $remote_addr;
proxy_set_header x-server $host;
proxy_set_header x-agent $http_user_agent;
proxy_pass http://kibana;
}
}
在web界面登錄需要輸入用戶名和密碼
