wazuh / wazuh-dashboard-plugins

Plugins for Wazuh Dashboard
https://wazuh.com/
GNU General Public License v2.0

basePath links problem via reverse proxy #1135

Closed candlerb closed 5 years ago

candlerb commented 5 years ago

(Relates to #1134, #17). System configuration as per #1134, but I now have an Apache reverse proxy in front of Kibana. This proxy is acting as a TLS frontend, and is also performing authentication (using mod_auth_openidc against Google).

The proxying is straightforward:

        ProxyPass /logs http://x.x.x.x:5601/logs
        ProxyPassReverse /logs http://x.x.x.x:5601/logs

(Since the path is the same, ProxyPassReverse shouldn't do anything - and I've tried both with and without)

I go to https://frontend.example.net/logs and Kibana starts correctly. When I hover over the Wazuh app link it points to https://frontend.example.net/logs/app/wazuh#/health-check?_g=()

But when I click on this, it goes via a series of exchanges which ends up at an invalid location: https://frontend.example.net/app/wazuh#undefined (that is, without the /logs/ basePath prefix), giving a 404.

The proxy logs from the click to the error are here:

x.x.x.x - snip@accounts.google.com [11/Jan/2019:14:16:08 +0000] "GET /logs/app/wazuh HTTP/1.1" 200 16108 "https://frontend.example.net/logs/app/kibana" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36"
x.x.x.x - snip@accounts.google.com [11/Jan/2019:14:16:08 +0000] "GET /logs/bundles/app/wazuh/bootstrap.js HTTP/1.1" 304 292 "https://frontend.example.net/logs/app/wazuh" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36"
x.x.x.x - snip@accounts.google.com [11/Jan/2019:14:16:08 +0000] "GET /logs/bundles/vendors.style.css HTTP/1.1" 304 307 "https://frontend.example.net/logs/app/wazuh" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36"
x.x.x.x - snip@accounts.google.com [11/Jan/2019:14:16:08 +0000] "GET /logs/bundles/commons.style.css HTTP/1.1" 304 307 "https://frontend.example.net/logs/app/wazuh" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36"
x.x.x.x - snip@accounts.google.com [11/Jan/2019:14:16:08 +0000] "GET /logs/bundles/wazuh.style.css HTTP/1.1" 304 464 "https://frontend.example.net/logs/app/wazuh" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36"
x.x.x.x - snip@accounts.google.com [11/Jan/2019:14:16:08 +0000] "GET /logs/plugins/timelion/index.css HTTP/1.1" 304 442 "https://frontend.example.net/logs/app/wazuh" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36"
x.x.x.x - snip@accounts.google.com [11/Jan/2019:14:16:08 +0000] "GET /logs/plugins/vega/index.css HTTP/1.1" 304 442 "https://frontend.example.net/logs/app/wazuh" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36"
x.x.x.x - snip@accounts.google.com [11/Jan/2019:14:16:08 +0000] "GET /logs/plugins/tile_map/index.css HTTP/1.1" 304 442 "https://frontend.example.net/logs/app/wazuh" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36"
x.x.x.x - snip@accounts.google.com [11/Jan/2019:14:16:08 +0000] "GET /logs/plugins/tagcloud/index.css HTTP/1.1" 304 442 "https://frontend.example.net/logs/app/wazuh" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36"
x.x.x.x - snip@accounts.google.com [11/Jan/2019:14:16:08 +0000] "GET /logs/plugins/table_vis/index.css HTTP/1.1" 304 285 "https://frontend.example.net/logs/app/wazuh" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36"
x.x.x.x - snip@accounts.google.com [11/Jan/2019:14:16:08 +0000] "GET /logs/plugins/status_page/index.css HTTP/1.1" 304 285 "https://frontend.example.net/logs/app/wazuh" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36"
x.x.x.x - snip@accounts.google.com [11/Jan/2019:14:16:08 +0000] "GET /logs/plugins/region_map/index.css HTTP/1.1" 304 285 "https://frontend.example.net/logs/app/wazuh" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36"
x.x.x.x - snip@accounts.google.com [11/Jan/2019:14:16:08 +0000] "GET /logs/plugins/metric_vis/index.css HTTP/1.1" 304 285 "https://frontend.example.net/logs/app/wazuh" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36"
x.x.x.x - snip@accounts.google.com [11/Jan/2019:14:16:08 +0000] "GET /logs/plugins/markdown_vis/index.css HTTP/1.1" 304 285 "https://frontend.example.net/logs/app/wazuh" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36"
x.x.x.x - snip@accounts.google.com [11/Jan/2019:14:16:08 +0000] "GET /logs/plugins/kibana/index.css HTTP/1.1" 304 285 "https://frontend.example.net/logs/app/wazuh" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36"
x.x.x.x - snip@accounts.google.com [11/Jan/2019:14:16:08 +0000] "GET /logs/plugins/inspector_views/index.css HTTP/1.1" 304 285 "https://frontend.example.net/logs/app/wazuh" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36"
x.x.x.x - snip@accounts.google.com [11/Jan/2019:14:16:08 +0000] "GET /logs/plugins/input_control_vis/index.css HTTP/1.1" 304 285 "https://frontend.example.net/logs/app/wazuh" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36"
x.x.x.x - snip@accounts.google.com [11/Jan/2019:14:16:08 +0000] "GET /logs/plugins/console/index.css HTTP/1.1" 304 285 "https://frontend.example.net/logs/app/wazuh" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36"
x.x.x.x - snip@accounts.google.com [11/Jan/2019:14:16:08 +0000] "GET /logs/plugins/rollup/index.css HTTP/1.1" 304 285 "https://frontend.example.net/logs/app/wazuh" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36"
x.x.x.x - snip@accounts.google.com [11/Jan/2019:14:16:08 +0000] "GET /logs/plugins/license_management/index.css HTTP/1.1" 304 285 "https://frontend.example.net/logs/app/wazuh" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36"
x.x.x.x - snip@accounts.google.com [11/Jan/2019:14:16:08 +0000] "GET /logs/plugins/index_management/index.css HTTP/1.1" 304 285 "https://frontend.example.net/logs/app/wazuh" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36"
x.x.x.x - snip@accounts.google.com [11/Jan/2019:14:16:08 +0000] "GET /logs/plugins/watcher/index.css HTTP/1.1" 304 285 "https://frontend.example.net/logs/app/wazuh" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36"
x.x.x.x - snip@accounts.google.com [11/Jan/2019:14:16:08 +0000] "GET /logs/plugins/canvas/style/index.css HTTP/1.1" 304 285 "https://frontend.example.net/logs/app/wazuh" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36"
x.x.x.x - snip@accounts.google.com [11/Jan/2019:14:16:08 +0000] "GET /logs/plugins/ml/index.css HTTP/1.1" 304 285 "https://frontend.example.net/logs/app/wazuh" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36"
x.x.x.x - snip@accounts.google.com [11/Jan/2019:14:16:08 +0000] "GET /logs/plugins/searchprofiler/index.css HTTP/1.1" 304 285 "https://frontend.example.net/logs/app/wazuh" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36"
x.x.x.x - snip@accounts.google.com [11/Jan/2019:14:16:08 +0000] "GET /logs/plugins/security/index.css HTTP/1.1" 304 285 "https://frontend.example.net/logs/app/wazuh" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36"
x.x.x.x - snip@accounts.google.com [11/Jan/2019:14:16:08 +0000] "GET /logs/plugins/spaces/index.css HTTP/1.1" 304 285 "https://frontend.example.net/logs/app/wazuh" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36"
x.x.x.x - snip@accounts.google.com [11/Jan/2019:14:16:08 +0000] "GET /logs/plugins/monitoring/index.css HTTP/1.1" 304 285 "https://frontend.example.net/logs/app/wazuh" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36"
x.x.x.x - snip@accounts.google.com [11/Jan/2019:14:16:08 +0000] "GET /logs/plugins/graph/index.css HTTP/1.1" 304 285 "https://frontend.example.net/logs/app/wazuh" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36"
x.x.x.x - snip@accounts.google.com [11/Jan/2019:14:16:08 +0000] "GET /logs/ui/favicons/favicon-32x32.png HTTP/1.1" 304 280 "https://frontend.example.net/logs/app/wazuh" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36"
x.x.x.x - snip@accounts.google.com [11/Jan/2019:14:16:08 +0000] "GET /logs/bundles/vendors.bundle.js HTTP/1.1" 304 307 "https://frontend.example.net/logs/app/wazuh" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36"
x.x.x.x - snip@accounts.google.com [11/Jan/2019:14:16:08 +0000] "GET /logs/ui/favicons/favicon-16x16.png HTTP/1.1" 304 280 "https://frontend.example.net/logs/app/wazuh" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36"
x.x.x.x - snip@accounts.google.com [11/Jan/2019:14:16:09 +0000] "GET /logs/ui/fonts/open_sans/open_sans_v15_latin_regular.woff2 HTTP/1.1" 304 280 "https://frontend.example.net/logs/app/wazuh" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36"
x.x.x.x - snip@accounts.google.com [11/Jan/2019:14:16:09 +0000] "GET /logs/bundles/commons.bundle.js HTTP/1.1" 304 307 "https://frontend.example.net/logs/app/wazuh" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36"
x.x.x.x - snip@accounts.google.com [11/Jan/2019:14:16:09 +0000] "GET /logs/bundles/wazuh.bundle.js HTTP/1.1" 304 307 "https://frontend.example.net/logs/app/wazuh" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36"
x.x.x.x - snip@accounts.google.com [11/Jan/2019:14:16:10 +0000] "GET /logs/api/console/api_server?sense_version=%40%40SENSE_VERSION&apis=es_6_0 HTTP/1.1" 200 18922 "https://frontend.example.net/logs/app/wazuh" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36"
x.x.x.x - snip@accounts.google.com [11/Jan/2019:14:16:10 +0000] "GET /logs/plugins/kibana/assets/discover.svg HTTP/1.1" 304 285 "https://frontend.example.net/logs/app/wazuh" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36"
x.x.x.x - snip@accounts.google.com [11/Jan/2019:14:16:10 +0000] "GET /logs/plugins/kibana/assets/visualize.svg HTTP/1.1" 304 285 "https://frontend.example.net/logs/app/wazuh" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36"
x.x.x.x - snip@accounts.google.com [11/Jan/2019:14:16:10 +0000] "GET /logs/plugins/kibana/assets/dashboard.svg HTTP/1.1" 304 285 "https://frontend.example.net/logs/app/wazuh" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36"
x.x.x.x - snip@accounts.google.com [11/Jan/2019:14:16:10 +0000] "GET /logs/plugins/timelion/icon.svg HTTP/1.1" 304 285 "https://frontend.example.net/logs/app/wazuh" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36"
x.x.x.x - snip@accounts.google.com [11/Jan/2019:14:16:10 +0000] "GET /logs/plugins/wazuh/img/icon.png HTTP/1.1" 304 280 "https://frontend.example.net/logs/app/wazuh" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36"
x.x.x.x - snip@accounts.google.com [11/Jan/2019:14:16:10 +0000] "GET /logs/plugins/canvas/icon.svg HTTP/1.1" 304 285 "https://frontend.example.net/logs/app/wazuh" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36"
x.x.x.x - snip@accounts.google.com [11/Jan/2019:14:16:10 +0000] "GET /logs/plugins/ml/ml.svg HTTP/1.1" 304 285 "https://frontend.example.net/logs/app/wazuh" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36"
x.x.x.x - snip@accounts.google.com [11/Jan/2019:14:16:10 +0000] "GET /logs/plugins/infra/images/infra_mono_white.svg HTTP/1.1" 304 285 "https://frontend.example.net/logs/app/wazuh" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36"
x.x.x.x - snip@accounts.google.com [11/Jan/2019:14:16:10 +0000] "GET /logs/plugins/infra/images/logging_mono_white.svg HTTP/1.1" 304 285 "https://frontend.example.net/logs/app/wazuh" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36"
x.x.x.x - snip@accounts.google.com [11/Jan/2019:14:16:10 +0000] "GET /logs/plugins/apm/icon.svg HTTP/1.1" 304 285 "https://frontend.example.net/logs/app/wazuh" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36"
x.x.x.x - snip@accounts.google.com [11/Jan/2019:14:16:10 +0000] "GET /logs/plugins/kibana/assets/wrench.svg HTTP/1.1" 304 285 "https://frontend.example.net/logs/app/wazuh" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36"
x.x.x.x - snip@accounts.google.com [11/Jan/2019:14:16:10 +0000] "GET /logs/plugins/monitoring/icons/monitoring.svg HTTP/1.1" 304 285 "https://frontend.example.net/logs/app/wazuh" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36"
x.x.x.x - snip@accounts.google.com [11/Jan/2019:14:16:10 +0000] "GET /logs/plugins/kibana/assets/settings.svg HTTP/1.1" 304 285 "https://frontend.example.net/logs/app/wazuh" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36"
x.x.x.x - snip@accounts.google.com [11/Jan/2019:14:16:10 +0000] "GET /logs/plugins/security/images/person.svg HTTP/1.1" 304 285 "https://frontend.example.net/logs/app/wazuh" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36"
x.x.x.x - snip@accounts.google.com [11/Jan/2019:14:16:10 +0000] "GET /logs/plugins/security/images/logout.svg HTTP/1.1" 304 285 "https://frontend.example.net/logs/app/wazuh" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36"
x.x.x.x - snip@accounts.google.com [11/Jan/2019:14:16:10 +0000] "GET /logs/plugins/kibana/assets/play-circle.svg HTTP/1.1" 304 285 "https://frontend.example.net/logs/app/wazuh" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36"
x.x.x.x - snip@accounts.google.com [11/Jan/2019:14:16:10 +0000] "GET /logs/api/spaces/space HTTP/1.1" 200 574 "https://frontend.example.net/logs/app/wazuh" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36"
x.x.x.x - snip@accounts.google.com [11/Jan/2019:14:16:10 +0000] "GET /logs/utils/configuration HTTP/1.1" 200 516 "https://frontend.example.net/logs/app/wazuh" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36"
x.x.x.x - snip@accounts.google.com [11/Jan/2019:14:16:10 +0000] "GET /logs/api/saved_objects/_find?type=index-pattern&fields=title&per_page=10000 HTTP/1.1" 200 618 "https://frontend.example.net/logs/app/wazuh" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36"
x.x.x.x - snip@accounts.google.com [11/Jan/2019:14:16:10 +0000] "GET /logs/bundles/fa0bbd682c66f1187d48f74b33b5bbd0.svg HTTP/1.1" 304 285 "https://frontend.example.net/logs/bundles/commons.style.css" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36"
x.x.x.x - snip@accounts.google.com [11/Jan/2019:14:16:10 +0000] "GET /logs/api/security/v1/me HTTP/1.1" 200 481 "https://frontend.example.net/logs/app/wazuh" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36"
x.x.x.x - snip@accounts.google.com [11/Jan/2019:14:16:10 +0000] "GET /logs/elastic/timestamp HTTP/1.1" 200 529 "https://frontend.example.net/logs/app/wazuh" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36"
x.x.x.x - snip@accounts.google.com [11/Jan/2019:14:16:10 +0000] "POST /logs/api/saved_objects/_bulk_get HTTP/1.1" 200 5227 "https://frontend.example.net/logs/app/wazuh" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36"
x.x.x.x - snip@accounts.google.com [11/Jan/2019:14:16:11 +0000] "POST /logs/api/check-stored-api HTTP/1.1" 200 664 "https://frontend.example.net/logs/app/wazuh" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36"
x.x.x.x - snip@accounts.google.com [11/Jan/2019:14:16:11 +0000] "POST /logs/api/check-stored-api HTTP/1.1" 200 664 "https://frontend.example.net/logs/app/wazuh" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36"
x.x.x.x - snip@accounts.google.com [11/Jan/2019:14:16:11 +0000] "GET /logs/bundles/e6cf7c6ec7c2d6f670ae9d762604cb0b.woff2 HTTP/1.1" 304 280 "https://frontend.example.net/logs/bundles/wazuh.style.css" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36"
x.x.x.x - snip@accounts.google.com [11/Jan/2019:14:16:11 +0000] "GET /logs/plugins/wazuh/img/icon_blue.svg HTTP/1.1" 304 285 "https://frontend.example.net/logs/app/wazuh" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36"
x.x.x.x - snip@accounts.google.com [11/Jan/2019:14:16:11 +0000] "POST /logs/api/request HTTP/1.1" 200 507 "https://frontend.example.net/logs/app/wazuh" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36"
x.x.x.x - snip@accounts.google.com [11/Jan/2019:14:16:11 +0000] "POST /logs/api/saved_objects/_bulk_get HTTP/1.1" 200 5227 "https://frontend.example.net/logs/app/wazuh" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36"
x.x.x.x - snip@accounts.google.com [11/Jan/2019:14:16:11 +0000] "GET /logs/elastic/setup HTTP/1.1" 200 617 "https://frontend.example.net/logs/app/wazuh" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36"
x.x.x.x - snip@accounts.google.com [11/Jan/2019:14:16:11 +0000] "GET /logs/elastic/index-patterns/wazuh-alerts-3.x-* HTTP/1.1" 200 536 "https://frontend.example.net/logs/app/wazuh" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36"
x.x.x.x - snip@accounts.google.com [11/Jan/2019:14:16:11 +0000] "GET /logs/elastic/template/wazuh-alerts-3.x-* HTTP/1.1" 200 552 "https://frontend.example.net/logs/app/wazuh" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36"
x.x.x.x - snip@accounts.google.com [11/Jan/2019:14:16:12 +0000] "GET /app/wazuh HTTP/1.1" 404 545 "https://frontend.example.net/logs/app/wazuh" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36"

Here is the log from within Chrome:

image

It suggests that the request was initiated at wazuh.bundle.js:31. I presume this is /usr/share/kibana/optimize/bundles/wazuh.bundle.js, but it's been squashed. The lines leading up to this point are:

    26  /**
    27   * @license AngularJS v1.6.5
    28   * (c) 2010-2017 Google, Inc. http://angularjs.org
    29   * License: MIT
    30   */
    31  (function(window,angular){"use strict";angular.module("ngCookies",["ng"]).info({angularVersion:"1.6.5"}).

I can correct the URL manually by adding /logs/ basePath back in the URL bar. The page continues to load, but some of the assets are not found:

image

For example, app_dashboard.svg is URL https://frontend.example.net/plugins/wazuh/img/icons/app_dashboard.svg: that is, the /logs/ prefix is missing from /plugins/ too.
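
An added example, not part of the original post: a Python check over Apache combined-format access logs that flags requests made outside the configured basePath by a page that was itself served under it, which is the pattern the final 404 line of the proxy log shows. The sample lines, the 192.0.2.10 address, the user name and the function names are constructed for illustration.

```python
import re

from urllib.parse import urlsplit

# Apache "combined" format:
# host ident user [time] "METHOD target PROTO" status bytes "referer" "agent"
COMBINED = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Constructed sample lines, modelled on the log format shown in the issue.
SAMPLE_LOG = [
    '192.0.2.10 - user@example.com [11/Jan/2019:14:16:08 +0000] "GET /logs/app/wazuh HTTP/1.1" 200 16108 "https://frontend.example.net/logs/app/kibana" "Mozilla/5.0"',
    '192.0.2.10 - user@example.com [11/Jan/2019:14:16:09 +0000] "GET /logs/bundles/wazuh.bundle.js HTTP/1.1" 304 307 "https://frontend.example.net/logs/app/wazuh" "Mozilla/5.0"',
    '192.0.2.10 - user@example.com [11/Jan/2019:14:16:10 +0000] "GET /logs/api/console/api_server?sense_version=%40%40SENSE_VERSION&apis=es_6_0 HTTP/1.1" 200 18922 "https://frontend.example.net/logs/app/wazuh" "Mozilla/5.0"',
    '192.0.2.10 - user@example.com [11/Jan/2019:14:16:12 +0000] "GET /app/wazuh HTTP/1.1" 404 545 "https://frontend.example.net/logs/app/wazuh" "Mozilla/5.0"',
    '192.0.2.10 - user@example.com [11/Jan/2019:14:16:13 +0000] "GET /plugins/wazuh/img/icons/app_dashboard.svg HTTP/1.1" 404 545 "https://frontend.example.net/logs/app/wazuh" "Mozilla/5.0"',
    '192.0.2.10 - user@example.com [11/Jan/2019:14:16:14 +0000] "GET /favicon.ico HTTP/1.1" 404 545 "-" "Mozilla/5.0"',
]


def under_base(path, base_path):
    """True if path is the base path itself or lies below it.

    Compares whole path segments, so "/logsx/app" is not under "/logs".
    """
    base = "/" + base_path.strip("/")
    if base == "/":
        return True
    return path == base or path.startswith(base + "/")


def find_basepath_leaks(lines, base_path):
    """Return requests outside base_path whose Referer is a page under it.

    Such a request means something rendered under the base path built a
    URL without the prefix (a redirect, an asset link, an API call).
    Lines that do not parse as combined format are skipped.
    """
    leaks = []
    for line in lines:
        m = COMBINED.match(line.strip())
        if not m:
            continue
        # The request target is origin-form; drop the query string by hand
        # so a path starting with "//" is not mistaken for a host.
        path = m["target"].split("?", 1)[0]
        referer_path = urlsplit(m["referer"]).path
        if not under_base(referer_path, base_path):
            continue  # not generated by a page behind the proxy prefix
        if under_base(path, base_path):
            continue  # prefix present, nothing to report
        leaks.append({
            "time": m["time"],
            "status": int(m["status"]),
            "path": path,
            "referer": m["referer"],
        })
    return leaks


if __name__ == "__main__":
    for leak in find_basepath_leaks(SAMPLE_LOG, "/logs"):
        print(leak["time"], leak["status"], leak["path"], "<-", leak["referer"])
```
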

candlerb commented 5 years ago

BTW: I see that the Kibana dev server is able to set a random base path to help shake out these problems.

But for now I have changed to using a separate virtualhost for Kibana (with a separate certificate) on the front-end proxy. This lets the Wazuh Kibana app work correctly.

jesusgn90 commented 5 years ago

Hello again @candlerb,

Can you paste your Apache configuration and your Kibana configuration (/etc/kibana/kibana.yml)? With those files, we can create a dev environment quickly and try to help you.

By the way, we may have some missing parts fully adapted to reverse proxy, let us try your configuration to be sure and to detect if we must repair something else.

Thanks in advance.

Regards, Jesús

candlerb commented 5 years ago

/etc/kibana/kibana.yml

server.host: "0.0.0.0"
server.basePath: "/logs"
server.rewriteBasePath: true

(everything else is comments)

/etc/apache2/sites-available/000-default.conf

<VirtualHost *:80>
        ServerAdmin postmaster@example.net
        DocumentRoot /var/www/html
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        Redirect permanent / https://ix-mon2.int.example.net/
</VirtualHost>

/etc/apache2/sites-available/001-default-ssl.conf

<VirtualHost *:443>
    ServerAdmin postmaster@example.net
    ServerName ix-mon2.int.example.net

    DocumentRoot /var/www/html
    # Fix problem with Firefox: https://github.com/zmartzone/mod_auth_openidc/issues/404
    ErrorDocument 401 " "

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    #   SSL Engine Switch:
    #   Enable/Disable SSL for this virtual host.
    SSLEngine on

    #   A self-signed (snakeoil) certificate can be created by installing
    #   the ssl-cert package. See
    #   /usr/share/doc/apache2/README.Debian.gz for more info.
    #   If both key and certificate are stored in the same file, only the
    #   SSLCertificateFile directive is needed.
    #SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
    #SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
    SSLCertificateFile  /etc/dehydrated/certs/ix-mon2.int.example.net/cert.pem
    SSLCertificateKeyFile   /etc/dehydrated/certs/ix-mon2.int.example.net/privkey.pem

    #   Server Certificate Chain:
    #   Point SSLCertificateChainFile at a file containing the
    #   concatenation of PEM encoded CA certificates which form the
    #   certificate chain for the server certificate. Alternatively
    #   the referenced file can be the same as SSLCertificateFile
    #   when the CA certificates are directly appended to the server
    #   certificate for convenience.
    #SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt
    SSLCertificateChainFile /etc/dehydrated/certs/ix-mon2.int.example.net/chain.pem

    <FilesMatch "\.(cgi|shtml|phtml|php)$">
            SSLOptions +StdEnvVars
    </FilesMatch>
    <Directory /usr/lib/cgi-bin>
            SSLOptions +StdEnvVars
    </Directory>

    # The following mod_auth_openidc config is irrelevant, but including for completeness
    OIDCProviderMetadataURL https://accounts.google.com/.well-known/openid-configuration
    OIDCClientID XXXXXXXX-XXXXXXXX.apps.googleusercontent.com
    OIDCClientSecret XXXXXXXX

    OIDCAuthRequestParams hd=example.com
    OIDCRedirectURI /oauth2callback
    OIDCCryptoPassphrase XXXXXXXX
    OIDCScope "openid email"
    OIDCSessionInactivityTimeout 3600

    <Location />
        AuthType openid-connect
        Require claim hd:example.com
    </Location>

    ProxyPreserveHost On
    RequestHeader set X-Forwarded-Proto "https"
    ProxyPass /logs http://ix-elk.int.example.net:5601/logs
    ProxyPassReverse /logs http://ix-elk.int.example.net:5601/logs
</VirtualHost>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

Those sections which consist only of comments have been removed.

I believe only the ProxyPass line is significant.

jesusgn90 commented 5 years ago

Thanks @candlerb, and sorry for the late response. Let me try your configuration and I'll get back to you.

Regards

jesusgn90 commented 5 years ago

Hello again @candlerb,

/etc/kibana/kibana.yml

Here you should remove server.rewriteBasePath; just use server.basePath:

...
server.basePath: "/logs"

Apache configuration

Something like this should work for you (modify your custom settings):

<VirtualHost *:443>
    ServerName ix-mon2.int.example.net
    ...

    # Proxy
    <Location /kibana>
        ....
        ### Reverse Proxy
        ProxyPass         http://kibana-server-ip:5601 retry=0
        ProxyPassReverse  http://kibana-server-ip:5601
    </Location>
</VirtualHost>

Let me know if it works for you.

Regards

candlerb commented 5 years ago

Aside: I only enabled server.rewriteBasePath because it said it would become the default from release 7.x (so I wanted to future-proof the config).

However, I've now changed it the way you suggest, by disabling that setting, and instead adding this onto the proxy:

        ProxyPass /logs http://ix-elk.int.soundmouse.net:5601 retry=0
        ProxyPassReverse /logs http://ix-elk.int.soundmouse.net:5601

Unfortunately it still doesn't work properly.

Firstly, although the Wazuh app home page does display, all the images are missing. Looking at the console log, I see:

image

Hovering over the app_dashboard.svg link, I see https://ix-mon2.int.example.net/plugins/wazuh/img/icons/app_dashboard.svg - that is, the /logs prefix is missing.

Secondly, issue #1134 is still present. If I go into the Kibana discover page (note: not Wazuh's discover tab), expand a single event, look at the linked "rule.id" value, the link points to

https://ix-mon2.int.example.net/logs/app//app/wazuh#/manager/?tab=ruleset&ruleid=4713

(i.e. /app/ appears twice in the path).

So I'm going to revert this back to using a virtualhost rather than basePath.

jesusgn90 commented 5 years ago

Hi @candlerb,

What did you decide about virtualhost vs basePath?

Is it working now?

Regards, Jesús

candlerb commented 5 years ago

I gave Kibana its own named virtualhost in the proxy, so I wouldn't have to deal with the basePath problems which I itemised above.

jesusgn90 commented 5 years ago

Hi @candlerb, closing this ticket because we are talking about it in https://github.com/wazuh/wazuh-kibana-app/issues/1339; stay updated by tracking that one.

In any case, we've just merged the fix for our next version and we'll explain a patch for your version in https://github.com/wazuh/wazuh-kibana-app/issues/1339.

Best regards, Jesús