By default Kibana has no access control. First change Kibana to listen on 127.0.0.1, then use nginx to restrict access.
    worker_processes 1;
    events {
        worker_connections 1024;
    }
    http {
        include mime.types;
        default_type application/octet-stream;
        log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                        '$status $body_bytes_sent "$http_referer" '
                        '"$http_user_agent" "$http_x_forwarded_for"';
        sendfile on;
        keepalive_timeout 65;
        server {
            listen 5609;  # 80
            access_log /usr/local/nginx/logs/kibana_access.log main;
            error_log /usr/local/nginx/logs/kibana_error.log error;
            location / {
                # Uncomment to allow only the listed source IPs
                #allow 127.0.0.1;
                #allow 192.168.0.104;
                #deny all;
                proxy_pass http://127.0.0.1:5601;  # local machine IP
            }
        }
    }
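The source IP addresses can be found in the access log: tail -f /opt/software/nginx/logs/kibana_access.log
2: If the IP changes often, maintaining the allow list becomes a hassle. nginx also supports simple username/password authentication; inside the location block: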
    auth_basic "Kibana";  # turns the password check on; the realm text is an example value
    auth_basic_user_file /opt/software/nginx/conf/htpasswd;
    proxy_pass http://127.0.0.1:5601;
Create the password file (write it to the path that auth_basic_user_file points to):
printf "elk:$(openssl passwd -1 elkpass)\n" >/usr/local/nginx/conf/htpasswd
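Once either restriction is in place, the access log written in the main format above shows who is being turned away. The following is an added example, not part of the original post; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Count rejected requests per client in a log that uses the "main" log_format:
#   401 = basic auth missing or wrong, 403 = blocked by allow/deny.
# Function names are hypothetical (added example, not from the original post).

summarize_rejects() {
    # Reads the log files given as arguments, or stdin if there are none.
    # Splitting on double quotes keeps the status field aligned even when
    # the request line is malformed or contains spaces.
    awk -F'"' '
    {
        split($1, pre, " ")     # $1 holds: addr - user [time]
        split($3, post, " ")    # $3 holds: status bytes
        ip = pre[1]; user = pre[3]; status = post[1]
        if (status == "401" || status == "403")
            count[ip " " user " " status]++
    }
    END {
        for (k in count) print count[k], k
    }' "$@" | LC_ALL=C sort -k1,1nr -k2,2
}

# Constructed sample lines in the "main" format (not real traffic).
sample_log() {
cat <<'EOF'
192.168.0.104 - elk [10/Mar/2024:10:00:01 +0800] "GET /app/kibana HTTP/1.1" 200 5120 "-" "Mozilla/5.0" "-"
192.168.0.50 - - [10/Mar/2024:10:00:05 +0800] "GET / HTTP/1.1" 401 179 "-" "curl/7.68.0" "-"
192.168.0.50 - elk [10/Mar/2024:10:00:06 +0800] "GET / HTTP/1.1" 401 179 "-" "curl/7.68.0" "-"
192.168.0.50 - elk [10/Mar/2024:10:00:07 +0800] "GET / HTTP/1.1" 401 179 "-" "curl/7.68.0" "-"
192.168.0.77 - - [10/Mar/2024:10:01:00 +0800] "GET /app/kibana HTTP/1.1" 403 153 "-" "Mozilla/5.0" "-"
192.168.0.77 - - [10/Mar/2024:10:01:02 +0800] "\x16\x03\x01" 400 157 "-" "-" "-"
EOF
}

# Output columns: count, client IP, user name sent ("-" if none), status.
sample_log | summarize_rejects
```

Against a live log, pass the file named in the access_log directive as the argument to summarize_rejects.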