Traefik opensearch dashboard

Some general info: I’m running opensearch in docker swarm mode on 3 linux machines.
While I’m perfectly fine in going to hostname:5601 to use opensearch, my end users aren’t :wink:

Enter traefik and the hell it’s been giving me.

I’ve created a DNS name pointing to the first server in my docker swarm and I’ve added some labels as per the documentation for the dashboard to use traefik:

  opensearch-dashboards:
    image: opensearchproject/opensearch-dashboards:2.6.0
    container_name: opensearch-dashboards
    environment:
      - OPENSEARCH_HOSTS=["https://opensearch-node1:9200"]

    deploy: 
      labels:
        - "traefik.enable=true"
        - "traefik.http.routers.dash-rtr.service=dash-svc"
        - "traefik.http.routers.dash-rtr.entrypoints=http"
        - "traefik.http.services.dash-svc.loadbalancer.server.port=5601"
        - "traefik.domain=opensearch.****.****"
        - "traefik.http.routers.dash-rtr.rule=Host(`opensearch.****.****`)"
        - "traefik.docker.network=proxy"
    ports:
      - 5601:5601
    configs:
      - source: opensearch_kibana
        target: /usr/share/opensearch-dashboards/config/opensearch_dashboards.yml    
    networks:
      - proxy

Not sure if the traefik configuration is relevant, but can update this post to add it later on still.

So in short my end users need to go to opensearch.****.**** (the **** are the internal domain) instead of server_name:5601.

However, on opening the page I’m presented with the following:

If I look in the dev options of my browser I’m seeing some 404’s for “restapiinfo” and “account”. Are those on a different port than the default 5601?

Edit to clarify still:

While opensearch is still starting up (or the docker is anyway) the page is perfectly visible:
so it all goes to sh*t the moment the start up is completed and it wants to reach account and restapiinfo.

I’m at a loss, any ideas or suggestions would be appreciated.

Hi @Scarecrow ,

I have reviewed your setup and it seems that the issue you’re facing is related to how Traefik handles internal requests from OpenSearch Dashboards. Specifically, the routes to internal APIs like /api/restapiinfo and /api/account are returning a 400 error. This usually happens when the reverse proxy (in this case, Traefik) is not properly configured to allow communication between the dashboard and its internal APIs.

Diagnosing the Issue

  1. Dashboard API Routes: OpenSearch Dashboards has its own internal API, and these routes are typically under the /api prefix. If these routes are not properly accessible, the dashboard cannot communicate with the OpenSearch backend.
  2. Traefik Configuration: It seems that the current Traefik configuration might not be allowing proper access to these internal routes. We need to ensure that Traefik routes requests from the dashboard to its internal API correctly.

Proposed Solution

To fix this, we need to adjust the Traefik configuration to ensure that requests to the internal APIs are handled correctly. Here are specific steps you can take:

  1. Ensure that the Traefik router is configured to handle requests to the dashboard’s internal API routes. Add a rule to allow requests to /api/:
opensearch-dashboards:
 image: opensearchproject/opensearch-dashboards:2.6.0
 container_name: opensearch-dashboards
 environment:
   - OPENSEARCH_HOSTS=["https://opensearch-node1:9200"]

 deploy: 
   labels:
     - "traefik.enable=true"
     - "traefik.http.routers.dash-rtr.service=dash-svc"
     - "traefik.http.routers.dash-rtr.entrypoints=http"
     - "traefik.http.services.dash-svc.loadbalancer.server.port=5601"
     - "traefik.domain=opensearch.****.****"
     - "traefik.http.routers.dash-rtr.rule=Host(`opensearch.****.****`) && PathPrefix(`/api`)"
     - "traefik.docker.network=proxy"
 ports:
   - 5601:5601
 configs:
   - source: opensearch_kibana
     target: /usr/share/opensearch-dashboards/config/opensearch_dashboards.yml    
 networks:
   - proxy

  2. Ensure the ‘proxy’ network is configured correctly. Make sure that all services that need to communicate through Traefik are on the same Docker network.
  3. Verify that Traefik is listening on the correct port and there are no network conflicts. Adjust ports or network configurations if necessary.

Step-by-Step Verification

  1. Verify that the dashboard runs correctly without Traefik. Access it directly via hostname:5601 to ensure all functionalities are operational.
  2. Configure Traefik to handle basic requests through the configured domain. Make sure you can access opensearch.****.**** and see the dashboard.
  3. Check the logs for Traefik and OpenSearch Dashboards. Look for any errors or warnings that may indicate routing or network configuration issues.

Following these steps should help you configure Traefik to properly handle internal requests from the dashboard, allowing your users to access it through the configured domain without any issues.

I hope this helps you resolve the problem. Good luck!

Best regards,
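
To compare which requests each of the two router rules shown in this thread would hand to dash-svc, here is an added example (not part of either post, and not Traefik's own code). It is a simplified model that only understands `Host` and `PathPrefix` joined by `&&`; the hostname and the sample request list are constructed placeholders.

```python
import re

# Constructed placeholder; the thread masks the real hostname as opensearch.****.****
HOST = "opensearch.example.internal"

# Rule strings in the shape of the two label sets posted in the thread.
RULE_HOST_ONLY = f"Host(`{HOST}`)"
RULE_HOST_AND_API = f"Host(`{HOST}`) && PathPrefix(`/api`)"

MATCHER = re.compile(r"^(Host|PathPrefix)\(`([^`]+)`\)$")


def rule_matches(rule, host, path):
    """Simplified model of rule evaluation: every &&-joined matcher must hold."""
    for term in (t.strip() for t in rule.split("&&")):
        m = MATCHER.match(term)
        if not m:
            raise ValueError(f"unsupported matcher in this model: {term!r}")
        kind, value = m.groups()
        if kind == "Host" and host.lower() != value.lower():
            return False
        if kind == "PathPrefix" and not path.startswith(value):
            return False
    return True


def routing_table(rule, requests):
    """Map each requested path to the service, or to the proxy's own 404."""
    return {
        path: "dash-svc" if rule_matches(rule, host, path) else "404 (no router)"
        for host, path in requests
    }


# Constructed sample: two page loads plus the two API calls named in the thread.
SAMPLE = [
    (HOST, "/"),
    (HOST, "/app/home"),
    (HOST, "/api/restapiinfo"),
    (HOST, "/api/account"),
]

if __name__ == "__main__":
    for name, rule in [("Host only", RULE_HOST_ONLY), ("Host && /api", RULE_HOST_AND_API)]:
        print(name)
        for path, target in routing_table(rule, SAMPLE).items():
            print(f"  {path:20} -> {target}")
```

A request that matches no router is answered by Traefik itself with a 404, so the scope of the rule decides which paths ever reach the dashboard container.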