Howard-Chang
commented
6 years ago Hi @Harish346, can below readonlyrest.yml work in your own home +ROR?
readonlyrest:
enable: true
access_control_rules:
- name: nginx
type: allow
indices: ["*"]
actions: ["*"]btw the "," need delete
name: Accept requests from users in group team1 on index1
groups: ["group1"]
type: allow
indices: ["demo*",] // hereyou can also check the elasticsearch log to find the problem.
Hi @wtakase , I am trying to use ownhome with Readonly rest.But I am getting the following Error
error [09:09:19.367] TypeError: Cannot read property 'updated_at' of undefined at C:\Users\Harish\Desktop\Kibana with own_Home\kibana-6.2.4-windows-x86_64\src\server\saved_objects\client\saved_objects_client.js:442:41 at next (native) at step (C:\Users\Harish\Desktop\Kibana with own_Home\kibana-6.2.4-windows-x86_64\src\server\saved_objects\client\saved_objects_client.js:20:191) at C:\Users\Harish\Desktop\Kibana with own_Home\kibana-6.2.4-windows-x86_64\src\server\saved_objects\client\saved_objects_client.js:20:361
My nginx.conf as follows: events { worker_connections 1024; }
http { upstream elasticsearch { server 127.0.0.1:9200; keepalive 15; }
upstream kibana { server 127.0.0.1:5601; keepalive 15; }
server { listen 8881;
}
server { listen 8885;
}
} readonlyrest.yml as follows: readonlyrest: enable: true # optional, defaults=true if at least 1 "access_control_rules" block
response_if_req_forbidden: Sorry, your request is forbidden. access_control_rules:
name: "::KIBANA-SRV::" auth_key: kibana:kibana type: allow
name: "::KIBANA ADMIN::" proxy_auth: ["admin"] type: allow kibana_access: admin
name: Accept requests from users in group team1 on index1 groups: ["group1"] type: allow indices: ["demo*",]
name: Accept requests from users in group team1 on index1 groups: ["group2"] type: allow indices: ["user*","sg_read_only_1"]
users:
username: cityuser1 proxy_auth: ["user"] type: allow groups: ["group1"]
username: demouser proxy_auth: ["demouser"] type: allow groups: ["group2"]
kibana.yml as follows:
elasticsearch.ssl.verificationMode: none own_home.proxy_user_header: x-forwarded-user own_home.session.secretkey: "mysecretkeymysecretkeymysecretkeymysecretkeymysecretkey" own_home.session.isSecure: false own_home.local.enabled: true own_home.elasticsearch.url: http://localhost:9200 elasticsearch.url: "http://localhost:19200" elasticsearch.username: "kibana" elasticsearch.password: "kibana" elasticsearch.requestHeadersWhitelist: [x-forwarded-user,cookie ] own_home.local.groups: [ public ]