Kibana anonymous access with docker-compose

Question

Problem description

I am trying to get anonymous access setup on Kibana with docker so I can share embedded and link to dashboards I created. I am using version 7.17.17 and Docker-compose to get my Elastic/Kibana stack going, however, I'm having troubles getting this access working.

I have read the links from the docs but they don't seem to do the trick for me. The Kibana portion of the docker-compose.yml looks like this:

kib01:
  image: docker.elastic.co/kibana/kibana:7.17.17
  container_name: kib01
  ports:
    -5601:5601
  environment:
    SERVER_BASEPATH: /whatever
    ELASTICSEARCH_HOSTS: http://es01:9200
    ELASTICSEARCH_USERNAME: user
    ELASTICSEARCH_PASSWORD: password
  volumes:
    - ./kibana.yml:/usr/share/kibana/config/kibana.yml
  networks:
    - elastic

And here's what my kibana.yml looks like:

xpack.security.authc.providers:
  basic.basic1:
    order: 0
  anonymous.anonymous1:
    order: 1
    username: "guest_user"
    password: "guest_pass"

Issues that occur

If I run docker-compose like this I can't access my Kibana server at http://url/whatever, it doesn't redirect to Kibana. If I comment the "volumes" portion of the docker-compose it redirects just fine when I access it at http://url/whatever. So I can't even check if the anonymous login works or not.

Things I've tried

Setting up the kibana.yml variables inside the docker-compose like so:

XPACK_SECURITY_AUTHC_PROVIDERS_BASIC_BASIC1_ORDER: 0
XPACK_SECURITY_AUTHC_PROVIDERS_ANONYMOUS_ANONYMOUS1_ORDER: 1
XPACK_SECURITY_AUTHC_PROVIDERS_ANONYMOUS_ANONYMOUS1_USERNAME: "guest_user"
XPACK_SECURITY_AUTHC_PROVIDERS_ANONYMOUS_ANONYMOUS1_PASSWORD: "guest_pass"

But this doesn't seem to do anything.

I've also tried to write the environment variables over to the kibana.yml but I get the same results as having the "volumes" in the docker-compose.yml file. I can't access the Kibana server over at http://url/whatever.

I have also tried to set the environment variable

XPACK_SECURITY_SAMESITECOOKIES: None

That didn't solve it either.

The kibana.yml file is copying over just fine to the Docker VM since I accessed it and checked it was doing so just fine.

I'm kinda at a loss of what to do now so hoping I can get some help.

Answer 1

I fiddled around with the two YAML files to get something that would run.

docker-compose.yml:

services:
  kibana:
    image: docker.elastic.co/kibana/kibana:7.17.17
    container_name: kibana
    ports:
      - 5601:5601
    environment:
      SERVER_BASEPATH: /whatever
      ELASTICSEARCH_HOSTS: http://es01:9200
      ELASTICSEARCH_USERNAME: user
      ELASTICSEARCH_PASSWORD: password
    volumes:
      - ./kibana.yml:/usr/share/kibana/config/kibana.yml
    networks:
      - elastic

networks:
  elastic:
    name: elastic-network

kibana.yml:

xpack.security.authc.providers:
  basic.basic1:
    order: 0
  anonymous.anonymous1:
    order: 1
    credentials:
      username: "anonymous_user"
      password: "your_password"

With that setup I can successfully bring up the Docker Compose stack, but when I connect to http://127.0.0.1:5601/ something is clearly not right.

Looking at the logs revealed the problem. Without a kibana.yml configuration file:

{"message":"http server running at http://0.0.0.0:5601"}

and with the configuration file:

{"message":"http server running at http://localhost:5601"}

Aha! This is important because 0.0.0.0 is what you want, not localhost. To fix this we can add server.host to our kibana.yml.

server.host: "0.0.0.0"
xpack.security.authc.providers:
  basic.basic1:
    order: 0
  anonymous.anonymous1:
    order: 1
    credentials:
      username: "anonymous_user"
      password: "your_password"

And with that at least you can access Kibana without error:

Now you just need to get everything (ElasticSearch etc.) hooked up so that the Kibana server is ready to accept requests.