默认的kibana是没有任何的权限控制,假设kibana的监听地址为本地IP 127.0.0.1,我们可以利用nginx来限制访问kibana的IP
编辑nginx
worker_processes 1;
events {
worker_connections 999;
}
http {
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
sendfile on;
keepalive_timeout 65;
server {
listen 5611; #监听端口
access_log /usr/local/nginx/logs/kibana_access.log main;
error_log /usr/local/nginx/logs/kibana_error.log error;
location / {
allow 10.0.0.91; #许可访问IP
deny all;
proxy_pass http://127.0.0.1:5601; #kibana的IP
}
}
}
通过配置文件修改 可以控制访问IP和端口