I have a question associated with nginx. I use elasticsearch and Kibana to store and visualize data. I want to block access to selected subpages in Kibana using nginx. There is a couple subpages (apps) in Kibana:
- Discover (localhost:5601/app/kibana#/discover)
- Visualize (localhost:5601/app/kibana#/visualize)
- Dashboard (localhost:5601/app/kibana#/dashboard)
- Timelion (localhost:5601/app/timelion)
- Dev Tools (localhost:5601/app/kibana#/dev_tools)
- Management (localhost:5601/app/kibana#/management)
I want to give a permission to all users who have a password to Visualize, Dashboard and Timelion subpages. But I want to block (using diffrent password) Discover, Dev Tools and Management subpages. I created three files.
- kibana.htpasswd - user 'elastic' which should have a permission to Visualize, Dashboard and Timelion subpages and should not have permission to Discover, Dev Tools and Management subpages
- kibana-admin.htpasswd - user 'admin' which should have permission to all subpages
- kibana.conf - config file
kibana.conf:
server {
listen *:5611;
server_name localhost;
access_log /var/log/nginx/kibana-access.log;
error_log /var/log/nginx/kibana-error.log;
location / {
auth_basic "Access denied";
auth_basic_user_file /etc/nginx/conf.d/kibana.htpasswd;
proxy_pass localhost:5601;
}
location /app/kibana#/management {
auth_basic "Access denied";
auth_basic_user_file /etc/nginx/conf.d/kibana-admin.htpasswd;
proxy_pass localhost:5601;
}
location /app/kibana#/dev_tools {
auth_basic "Access denied";
auth_basic_user_file /etc/nginx/conf.d/kibana-admin.htpasswd;
proxy_pass localhost:5601;
}
location /app/kibana#/discover {
auth_basic "Access denied";
auth_basic_user_file /etc/nginx/conf.d/kibana-admin.htpasswd;
proxy_pass localhost:5601;
}
}
The problem is that when I open localhost:5611 in my browser and log in as user 'elastic' I have a permission to all subpages. What should I change in config file to block admin subpages for user 'elastic'? Is it possible with nginx?
