I have older application which was sending logs to elasticsearch on port 9200, now when it comes to opendistro elasticsearch https is enabled and username, password or ssl certs becomes mandatory because of security plugin.
my application does not have option to configure certs or use username and password, it allows to configure elasticseach ip and port alone.
Now I am not able to get logs from that application.
One solution:
Remove security plugin from elasticsearch as well as kibana
But we want to use other features of security plugin.
So is there any way to disable https or any configuration i can get logs from my older application by configuring just IP and PORT?
You can prefix the the URL with the username as such:
Https://[user]:[pass]@elasticurl:port
Works for me on my app with any connection.
Alternatively, you can use basic authorization (user:pass as base64) as a header on a post request if you prefer
in opendistro security documentation, I found out below configuration which allows anonymous users and configure http.
anonymous_auth_enabled: <true|false>
xff: # optional section
enabled: <true|false>
internalProxies: <string> # Regex pattern
remoteIpHeader: <string> # Name of the header in which to look. Typically: x-forwarded-for
proxiesHeader: <string>
trustedProxies: <string> # Regex pattern
can this configuration be used for my purpose? but I did not find any proper example for this configuration.
can anybody give example for above configuration?
You’re correct, the OpenDistro documentation doesn’t contain the anonymous authentication config.
Also, you’re correct that anonymous authentication could be the solution for you.
To enable anonymous authentication in ES and Kibana of ODFE stack, you have to set:
ODFE has the built-in opendistro_security_anonymous user which has insufficient privileges to allow Kibana to connect with ES. Therefore you need to configure role and role mapping. Please find the example below.