How to remotely access Kibana in Elastic

Question

I am currently trying to make my Kibana dashboard remotely accessible via the browser. So, a user can monitor index and run scripts in a remote manner. As background, my elastic is currently ran on Windows server and I could successfully set 'elastic uri search' (e.g. http://[IP_ADDRESS]:9200) remotely accessible by updating elasticsearch.yml and opening the port 9200. For this reason, I took similar actions to remotely access Kibana, updating kibana.yml and opening the port 5601, but I couldn't remotely access kibana on the browser from my local machine. It throws ERR_CONNECTION_TIMED_OUT on the browser. See attributes that I have updated for kibana.yml:

server.port: "5601"
server.host: "0.0.0.0"
elasticsearch.url: "http://localhost:9200"

The solution was to disable the block rule in windows firewall settings. — Yohan Chung, Aug 08 '17 at 23:40

score 4 · Answer 1 · answered Jun 07 '20 at 23:56

You need to configure the file /etc/kibana/kibana.yml as root: Uncomment the lines:

server.port: 5601

# Kibana is served by a back end server. This setting specifies the port to use.
server.port: 5601

server.host: "0.0.0.0"

# To allow connections from remote users, set this parameter to a non-loopback address.
server.host: "0.0.0.0"

elasticsearch.hosts

Change the <your-elastic-server-ip> to your elastic search server IP, something like 192.168.1.XX

# The URLs of the Elasticsearch instances to use for all your queries.
elasticsearch.hosts: ["http://<your-elastic-server-ip>:9200"]

And check the ports on your firewall:

$ sudo firewall-cmd --list-all

Output:

public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens33
  sources: 
  services: cockpit dhcpv6-client ftp ssh
  ports: 10000/tcp 3306/tcp 9200/tcp 5601/tcp
  protocols: 
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules:

If you don't see the ports 9200/tcp 5601/tcp opened then do the following command as sudo:

$ sudo firewall-cmd --zone=public --permanent --add-port 9200/tcp
$ sudo firewall-cmd --zone=public --permanent --add-port 5601/tcp

What if my elasticsearch api is behind a reverse proxy server in a context (URI) path like `"http://:80/elasticsearch"`? The elasticsearch.hosts configuration does not seem to work in this case! — Ashik, Jan 02 '23 at 17:22

score 0 · Answer 2 · answered Jul 08 '20 at 21:59

I followed these steps to connect remote Elasticsearch on AWS EC2 to my local kibana.

Backup your original .yml files

sudo cp /etc/elasticsearch/elasticsearch.yml elasticsearch.yml.bk

sudo cp /etc/kibana/kibana.yml kibana.yml.bk

Edit security groups and add a new rule - custom TCP with port 9200 accessible via your public IP v4.
ssh to your server and tweak ufw to allow your ip over 9200 sudo ufw allow from <your public v4 IP> to any port 9200
edit elasticsearch.yml to add network.host: 0.0.0.0 discovery.type: single-node Ref
on your local machine edit kibana.yml and add elasticsearch.hosts: ["http://34.103.134.135:9200"]
go to http://localhost:5601/ you should see your remote index under Discover> index management. `

I would advise against opening up your Elasticsearch to the public internet like that. A better setup would involve creating an SSH tunnel or even a reverse proxy to access Elasticsearch. Even a simple ssh -L "9200:localhost:9200" user@cloudserver would be better if you needed to tweak it without leaving it open like that. — John Seabourn, Dec 27 '21 at 07:20

How to remotely access Kibana in Elastic

2 Answers2