Skip to content

Securing Kibana


Hint - TLS encryption

For security reasons, we strongly recommend configuring the TLS encryption.


Configuring the TLS Encryption

The SEAL Elastic Stack installation includes a self-signed TLS certificate. Replace this certificate by your own certificate to secure the connection to Kibana.

  1. Get your own TLS certificate:

    • cert.pem

    • key.pem

  2. Copy your TLS certificate to the following directory:

    /opt/seal/etc/tls-external
    

    Hint - changing the TLS directory

    We recommend you use a directory different from tls for your customer certificates, e. g. tls-external.

    This allows you to easily switch back to the included certificates for test purposes.

    Also it prevents your certificates from being overwritten during an update.

    Make sure you use the new directory in all SEAL products that use TLS encryption.

  3. In an editor, open the kibana.yml configuration file:

    /opt/seal/etc/kibana.yml
    
  4. Copy the following lines:

    # server.ssl.certificate: /opt/seal/etc/tls/cert.pem
    # server.ssl.key: /opt/seal/etc/tls/key.pem
    
  5. Change the directory to the one containing your certificate:

    # server.ssl.certificate: /opt/seal/etc/tls/cert.pem
    server.ssl.certificate: /opt/seal/etc/tls-external/cert.pem
    # server.ssl.key: /opt/seal/etc/tls/key.pem
    server.ssl.key: /opt/seal/etc/tls-external/key.pem
    
  6. Activate the following lines:

    server.ssl.enabled: true
    server.ssl.certificate: /opt/seal/etc/tls-external/cert.pem
    server.ssl.key: /opt/seal/etc/tls-external/key.pem
    
  7. Save the file and exit.

  8. Restart Kibana:

    sudo systemctl restart seal-kibana
    
  9. In Consul set the following key:

    dc/home/env/service/any/tag/plossysadmin/KIBANA_LINK
    

    to

    https://<management-server>:5601/app/kibana
    

    or use a PLOSSYS CLI command:

    plossys config set TLS_EXTERNAL_DIR "https://<management-server>:5601/app/kibana" --service plossysadmin --insecure
    

Back to top