Closed candlerb closed 5 years ago
BTW: I see that the Kibana dev server is able to set a random base path to help shake out these problems.
But for now I have changed to using a separate virtualhost for Kibana (with a separate certificate) on the front-end proxy. This lets the Wazuh Kibana app work correctly.
Hello again @candlerb ,
Can you paste your Apache configuration and your kibana configuration (/etc/kibana/kibana.yml)? With those files, we can create a dev environment quickly and try to help you.
By the way, we may have some missing parts fully adapted to reverse proxy, let us try your configuration to be sure and to detect if we must repair something else.
Thanks in advance.
Regards, Jesús
server.host: "0.0.0.0"
server.basePath: "/logs"
server.rewriteBasePath: true
(everything else is comments)
<VirtualHost *:80>
    ServerAdmin postmaster@example.net
    DocumentRoot /var/www/html
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    Redirect permanent / https://ix-mon2.int.example.net/
</VirtualHost>
<VirtualHost *:443>
    ServerAdmin postmaster@example.net
    ServerName ix-mon2.int.example.net
    DocumentRoot /var/www/html
    # Fix problem with Firefox: https://github.com/zmartzone/mod_auth_openidc/issues/404
    ErrorDocument 401 " "
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    # SSL Engine Switch:
    # Enable/Disable SSL for this virtual host.
    SSLEngine on
    # A self-signed (snakeoil) certificate can be created by installing
    # the ssl-cert package. See
    # /usr/share/doc/apache2/README.Debian.gz for more info.
    # If both key and certificate are stored in the same file, only the
    # SSLCertificateFile directive is needed.
    #SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
    #SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
    SSLCertificateFile /etc/dehydrated/certs/ix-mon2.int.example.net/cert.pem
    SSLCertificateKeyFile /etc/dehydrated/certs/ix-mon2.int.example.net/privkey.pem
    # Server Certificate Chain:
    # Point SSLCertificateChainFile at a file containing the
    # concatenation of PEM encoded CA certificates which form the
    # certificate chain for the server certificate. Alternatively
    # the referenced file can be the same as SSLCertificateFile
    # when the CA certificates are directly appended to the server
    # certificate for convenience.
    #SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt
    SSLCertificateChainFile /etc/dehydrated/certs/ix-mon2.int.example.net/chain.pem
    <FilesMatch "\.(cgi|shtml|phtml|php)$">
        SSLOptions +StdEnvVars
    </FilesMatch>
    <Directory /usr/lib/cgi-bin>
        SSLOptions +StdEnvVars
    </Directory>
    # The following mod_auth_openidc config is irrelevant, but including for completeness
    OIDCProviderMetadataURL https://accounts.google.com/.well-known/openid-configuration
    OIDCClientID XXXXXXXX-XXXXXXXX.apps.googleusercontent.com
    OIDCClientSecret XXXXXXXX
    OIDCAuthRequestParams hd=example.com
    OIDCRedirectURI /oauth2callback
    OIDCCryptoPassphrase XXXXXXXX
    OIDCScope "openid email"
    OIDCSessionInactivityTimeout 3600
    <Location />
        AuthType openid-connect
        Require claim hd:example.com
    </Location>
    ProxyPreserveHost On
    RequestHeader set X-Forwarded-Proto "https"
    ProxyPass /logs http://ix-elk.int.example.net:5601/logs
    ProxyPassReverse /logs http://ix-elk.int.example.net:5601/logs
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
Those sections which consist only of comments have been removed.
I believe only the ProxyPass line is significant.
Thanks @candlerb, and sorry for the late response. Let me try your configuration and I'll get back to you.
Regards
Hello again @candlerb ,
Here you should remove server.rewriteBasePath, just use server.basePath
...
server.basePath: "/logs"
Something like this should work for you (modify your custom settings):
<VirtualHost *:443>
    ServerName ix-mon2.int.example.net
    ...
    # Proxy
    <Location /kibana>
        ....
        ### Reverse Proxy
        ProxyPass http://kibana-server-ip:5601 retry=0
        ProxyPassReverse http://kibana-server-ip:5601
    </Location>
</VirtualHost>
Let me know if it works for you.
Regards
Aside: I only enabled server.rewriteBasePath because it said it would become the default from release 7.x (so wanted to future-proof the config).
However, I've now changed it the way you suggest, by disabling that setting, and instead adding this onto the proxy:
ProxyPass /logs http://ix-elk.int.soundmouse.net:5601 retry=0
ProxyPassReverse /logs http://ix-elk.int.soundmouse.net:5601
Unfortunately it still doesn't work properly.
Firstly, although the Wazuh app home page does display, all the images are missing. Looking at the console log, I see:
Hovering over the app_dashboard.svg link, I see https://ix-mon2.int.example.net/plugins/wazuh/img/icons/app_dashboard.svg - that is, the /logs prefix is missing.
Secondly, issue #1134 is still present. If I go into the Kibana discover page (note: not Wazuh's discover tab), expand a single event, look at the linked "rule.id" value, the link points to https://ix-mon2.int.example.net/logs/app//app/wazuh#/manager/?tab=ruleset&ruleid=4713 (i.e. /app/ appears twice in the path).
So I'm going to revert this back to using a virtualhost rather than basePath.
Hi @candlerb ,
What did you decide about virtualhost vs basePath?
Is it working now?
Regards, Jesús
I gave Kibana its own named virtualhost in the proxy, so I wouldn't have to deal with the basePath problems which I itemised above.
Hi @candlerb, closing this ticket because we are talking about it in https://github.com/wazuh/wazuh-kibana-app/issues/1339, stay updated tracking that one.
In any case, we've just merged the fix for our next version and we'll explain a patch for your version in https://github.com/wazuh/wazuh-kibana-app/issues/1339.
Best regards, Jesús
(Relates to #1134, #17). System configuration as per #1134, but I now have an Apache reverse proxy in front of Kibana. This proxy is acting as TLS frontend, and is also performing authentication (using mod_auth_openidc against Google)
The proxying is straightforward:
(Since the path is the same, ProxyPassReverse shouldn't do anything - and I've tried both with and without)
I go to https://frontend.example.net/logs and Kibana starts correctly. When I hover over the Wazuh app link it points to https://frontend.example.net/logs/app/wazuh#/health-check?_g=()
But when I click on this, it goes via a series of exchanges which ends up at an invalid location: https://frontend.example.net/app/wazuh#undefined (that is, without the /logs/ basePath prefix), giving a 404.
The proxy logs from the click to the error are here:
Here is the log from within Chrome:
It suggests that the request was initiated at wazuh.bundle.js:31. I presume this is /usr/share/kibana/optimize/bundles/wazuh.bundle.js, but it's been squashed. The lines leading up to this point are:
I can correct the URL manually by adding /logs/ basePath back in the URL bar. The page continues to load, but some of the assets are not found:
For example, app_dashboard.svg is URL https://frontend.example.net/plugins/wazuh/img/icons/app_dashboard.svg: that is, the /logs/ prefix is missing from /plugins/ too.
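Added example (not part of the original thread, and not Wazuh or Kibana code): a small check over the front-end proxy's access log that flags the two symptoms reported here, requests that arrive without the /logs basePath and paths with a doubled segment such as /logs/app//app/. The log lines are constructed, and the names `classify` and `find_base_path_leaks` are hypothetical.

```python
import re

BASE_PATH = "/logs"                        # server.basePath from the kibana.yml in this thread
KIBANA_PREFIXES = ("/app/", "/plugins/")   # prefixes the thread saw requested without /logs

# Constructed Apache "combined" access-log lines, for illustration only.
SAMPLE_LOG = '''\
192.0.2.10 - alice [10/Mar/2019:10:00:01 +0000] "GET /logs/app/kibana HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
192.0.2.10 - alice [10/Mar/2019:10:00:05 +0000] "GET /app/wazuh HTTP/1.1" 404 196 "-" "Mozilla/5.0"
192.0.2.10 - alice [10/Mar/2019:10:00:09 +0000] "GET /plugins/wazuh/img/icons/app_dashboard.svg HTTP/1.1" 404 196 "-" "Mozilla/5.0"
192.0.2.10 - alice [10/Mar/2019:10:00:12 +0000] "GET /logs/app//app/wazuh HTTP/1.1" 404 196 "-" "Mozilla/5.0"
192.0.2.10 - alice [10/Mar/2019:10:00:15 +0000] "GET /oauth2callback?state=x HTTP/1.1" 302 0 "-" "Mozilla/5.0"
'''

# host, ident, user, [timestamp], "METHOD target protocol", status
LINE_RE = re.compile(
    r'^\S+ \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def classify(target, base=BASE_PATH):
    """Return 'ok', 'missing-base-path', 'doubled-segment' or 'other'."""
    # Only the path matters; the #fragment (e.g. #undefined) never reaches the proxy.
    path = target.split("?", 1)[0]
    if path == base or path.startswith(base + "/"):
        return "doubled-segment" if "//" in path else "ok"
    if path.startswith(KIBANA_PREFIXES):
        return "missing-base-path"
    return "other"  # e.g. the OIDC callback, which is not a Kibana path

def find_base_path_leaks(log_text, base=BASE_PATH):
    """Collect (status, target, verdict) for every request showing either symptom."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        verdict = classify(m.group("target"), base)
        if verdict in ("missing-base-path", "doubled-segment"):
            findings.append((int(m.group("status")), m.group("target"), verdict))
    return findings

if __name__ == "__main__":
    for status, target, verdict in find_base_path_leaks(SAMPLE_LOG):
        print(f"{status} {target}: {verdict}")
```

An empty result after switching Kibana to its own virtualhost, or after upgrading to a fixed app version, is a quick confirmation that no link or asset URL is still being generated outside the proxied path.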