How to Secure Kibana using Nginx as a reverse proxy on CentOS 7

Kibana is an open source data visualization plugin for Elasticsearch. It provides visualization capabilities on top of the content indexed on an Elasticsearch cluster. Users can create bar, line and scatter plots, or pie charts and maps on top of large volumes of data.
Assuming that you have root permission, otherwise, you may start commands with “sudo”. 

Install Nginx

First of all, we have to install Nginx from EPEL repository:

yum install epel-release

Now you can install Nginx using YUM:

yum install nginx

After the installation is finished, execute the following commands to start your Nginx service and make it run at startup:

systemctl start nginx

systemctl enable nginx

Install and configure “httpd-tools”

For setting up an HTTP authentication we will need the “.htaccess” and “.htpasswd” files, we can get both of them by installing “httpd-tools” package:

yum install httpd-tools

After the installation process finished, we can create a “.htpasswd” file to store our credential data such as Usernames and Passwords in an encrypted format. Using the command below you can create a user with a password (make sure to replace the red part with your preferred values):

htpasswd -c /etc/nginx/ username

Executing the above command will prompt you to choose and verify your password.

Your authentication data is available in the following path, you can open it with the command below:

nano /etc/nginx/.htpasswd

Configuring Nginx

In this section, we are going to configure Nginx to act as a proxy, so it will direct authenticated user to “localhost:5601”

Open the Nginx configuration file with the command below:

nano /etc/nginx/nginx.conf

Find the “server” directive and change it  like below:

server {
  listen *:80;
  server_name _;
  location / {
    proxy_pass http://localhost:5601;
    auth_basic "Restricted";
    auth_basic_user_file /etc/nginx/.htpasswd;

Save and exit.

Check if everything Ok with your configuration:

nginx -t

You should get the following output:

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Restart the Nginx service to take effect:

systemctl restart nginx

Install Kibana

We are going to install the latest stable version of Kibana which is 5.5 at the time of the writing this article. we will download the “RPM” package and install it easily.


Run the following command to install the downloaded package:

rpm -ivh kibana-5.5.0-x86_64.rpm

After the installation is finished, execute the following commands to start Kibana and make is run at the startup:

systemctl daemon-reload

systemctl start kibana

systemctl enable kibana

For accessing the web interface you should enable the default port in the Kibana configuration. Execute the following command to open “kibana.yml” with the text editor:

nano /etc/kibana/kibana.yml

Find the line that refers to “server.port” and uncomment it, then save and exit.

Now you should restart the Kibana service to take effect:

systemctl restart kibana

Finally, you can open your browser and place your Domain or your public IP address on it. you will be prompt for authentication and then you will be direct to the Kibana web panel.

Was this answer helpful? 1 Users Found This Useful (2 Votes)