使用Nginx来限制访问kibana

默认kibana没有权限控制，先把kibana改到监听127.0.0.1，借助nginx限制访问

1:借助nginx来限制访问，控制源ip的访问

worker_processes  1;
events {
    worker_connections  1024;
}
http {
    include       mime.types;
    default_type  application/octet-stream;
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
    sendfile        on;
    keepalive_timeout  65;
    server {
       listen       5609;    // 80
       access_log  /usr/local/nginx/logs/kibana_access.log main;
       error_log /usr/local/nginx/logs/kibana_error.log error;
       location / {
           #allow 127.0.0.1;
	   #allow 192.168.0.104;
           #deny all;
           proxy_pass http://127.0.0.1:5601;    // 本机IP
       }
    }
}

可以在日志里面找到源ip地址：tail -f /opt/software/nginx/logs/kibana_access.log

2: 如果ip经常变化，就会很麻烦。nginx支持简单的用户名密码认证。

location / {

            auth_basic "elk auth";

            auth_basic_user_file /opt/software/nginx/conf/htpasswd;

            proxy_pass http://127.0.0.1:5601;

        }

设置密码文件：

printf "elk:$(openssl passwd -1 elkpass)\n" >/usr/local/nginx/conf/htpasswd