Hello, I am new to the ELK stack technology, and had a question. My
organization uses Siteminder to authenticate against their AD environment.
In order to have this work with ELK, I was going to do the following:
1) Send log data to 1 of 5 different indices, based on source
2) Configure a separate Apache vhost and configure each based on what is
accessible, i.e. using the LIMIT directives to limit everything except GET
and POST for a certain index, for example.
3) Configure Siteminder for each vhost, allowing a certain subset of users
access to each vhost based on what their permissions to each index should
be (IE security gets access to the vhost that can send all methods, Network
group can access the vhost that can only send GET and POST to the
networking index, etc)
I am in the process of testing this, and I got port 80 to work, but I can't
get another port to work (in my test environment, I do not have access to
the DNS server yet so I've been using IP vhosts). I've allowed CORS to
wildcard, I believe, and I've configured ES to bind to the localhost and
use reverse proxy via apache. It all works on port 80, but when I go on
port 8080 for example I get the Kibana-ES "Connection Failed" error.
Here are my configs (rough draft, not complete):
elasticsearch.yml:
http.cors.enabled: true
http.cors.allow-origin: "/.*/"
network.host:"127.0.0.1"
httpd-vhosts.conf:
<VirtualHost *:80>
DocumentRoot "/usr/local/data/www/docs/apache/"
CustomLog "logs/access_log" combined
ProxyRequests off
ProxyPreserveHost on
ServerName *ServerIP*
ProxyPass /elasticsearch http://127.0.0.1:9200
ProxyPassReverse /elasticsearch /
<LocationMatch "//(_all)/.*$">
<LimitExcept TRACE >
Deny from all
</LimitExcept>
</LocationMatch>
<LocationMatch "//(sec)/.*$">
<LimitExcept TRACE >
Deny from all
</LimitExcept>
</LocationMatch>
<LocationMatch "//(eng)/.*$">
<LimitExcept GET POST>
Deny from all
</LimitExcept>
</LocationMatch>
</VirtualHost>
<VirtualHost *:8080>
DocumentRoot "/usr/local/data/www/docs/apache/"
CustomLog "logs/access_log" combined
ProxyRequests off
#ProxyPreserveHost on
ServerName *ServerIP*
ProxyPass /elasticsearch http://127.0.0.1:9200
ProxyPassReverse /elasticsearch /
</VirtualHost>
Does anybody have any feedback, and know why port 8080 isn't working to
communicate with ES?
--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/55240fdf-5ca8-457d-a342-a0ae4eb772dc%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
