Basicauth in front of kibana

hi all,

iam using caddy2 as reverse Proxy.

everytrhing is workin like a charm.

i do have a Kibana (ELK-Stack) behind the reverse Proxy.

i want to enable basicauth against the reverse proxy, and if authentication is successfull it should proxy to kibana.

The Problem iam having:

caddy forwards the authentication token to kibana, but kibana has its own authentication and therefore it tells me Unauthorized since the basicauth user is only available to caddy. is there a way to not forward the authentication header to the backend?

At the end of the Day i want to have “dual Auth” 1st BasicAuth against reverse Proxy
2nd: Normal Auth from Kibana.

config:

kib.hasinet.at {
        @notLocal {
        not remote_ip 172.16.0.0/16
}
        basicauth @notLocal {
                keim JDJhJDEwJHV2akerSnhyRMNOcHFLUzgyQUxPZS5sd01XN2ljYW16RVNhVU1DZGYzT3pBdEVVTmNuN1Au
}
        reverse_proxy * {
                to 172.16.0.2:5601
                header_up X-Real-IP {remote_host}
                header_up X-Forwarded-Proto {scheme}
                header_up Access-Control-Allow-Origin *
                header_up Access-Control-Allow-Credentials true
                header_up Access-Control-Allow-Headers Cache-Control,Content-Type
                transport http {
                        read_buffer 8192
                }
        }
}

so far,
axp

I’ve edited your post for you to fix the code block, you need to use backticks, i.e. ```, not single quotes, i.e. ‘’’.

To delete a header before sending the request upstream, you can use the following:

header_up -Authorization

Note the - before the header name, this indicates that it should be removed. I’m not certain this will do what you need though, if your upstream uses the Authorization header as a gate, then you’ll still not be able to login. You’ll likely need to disable the authentication on your upstream in that case.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.