Hosts the latest kibana3 and elasticsearch behind Google OAuth2, Basic Authentication or CAS Authentication with NodeJS and Express.
We NO LONGER support third-party plugins such as Bigdesk
or Head
since it's hard to test and maintain
It's just a standard nodejs application, you could install it in the same server with ES, or not. Before run the following commands, please make sure you have nodejs and npm well installed.
# git clone https://github.com/fangli/kibana-authentication-proxy
# cd kibana-authentication-proxy/
# git submodule init
# git submodule update
# npm install
// You may want to update the built-in kibana3 to the latest version, just run
# cd kibana && git checkout master && git pull
// Then edit config.js, make sure you have everything checked in the config file
// and run!
# node app.js
All settings are placed in /config.js, hack it as you go.
es_host
: The host of ElasticSearches_port
: The port of ElasticSearches_using_ssl
: If the ES is using SSL(https)?es_username
: (optional) The basic authentication user of ES server, leave it blank if no basic auth appliedes_password
: (optional) The password of basic authentication of ES server, leave it blank if no basic auth appliedlisten_port
: The listen port of kibana3brower_cache_maxage
: The browser cache max-Age controll, for a better loading speedenable_ssl_port
: Enable SSL or not?listen_port_ssl
: If enable_ssl_port set to true, this is the port of SSLssl_key_file
: Point to the ssl key filessl_cert_file
: Point to the ssl certification filekibana_es_index
: The ES index for saving kibana dashboards, now per-user configurations supported. using %user% instead of the usernamewhich_auth_type_for_kibana_index
: Where the variable %user% comes from? which authentication type you want to use for it?cookie_secret
: The secret token for cookies. replace it with a random string for securityWe currently support 3 auth methods: Google OAuth2, BasicAuth and CAS, you can use one of them or all of them. it depends on the configuration you have.
1. Google OAuth2
enable_google_oauth
: Enable or not?client_id
: The client ID of Google OAuth2, leave empty if you don't want to use itclient_secret
: The client secret of Google OAuth2allowed_emails
: An emails list for the authorized users, should like `["a@b.com", "@b.com", ""]`. All google users in the list will be allowed to access kibana.Important
Google OAuth2 needs authorized redirect URIs for your app, please add it first as below, http://YOUR-KIBANA-SITE:[listen_port]/auth/google/callback
in production or http://localhost:[listen_port]/auth/google/callback
for local test
2. Basic Authentication
enable_basic_auth
: Enable or not?basic_auth_users
: A list of user/passwd, see the comments in config.js for help. leave empty if you won't use it3. CAS Auth
enable_cas_auth
: Enable or not?cas_server_url
: Point to the CAS server URLkibana Authentication Proxy is freely distributable under the terms of the MIT license.
Copyright (c) 2013 Fang Li, Funplus Game
See LICENCE for details.