默认的Kibana
1. 任何人都能无密码访问Kibana
2. 借用Nginx实现登录认证
3. Nginx控制源IP访问、Nginx可以使用用户名密码的方式

Kibana借用Nginx来实现简单认证
4. Kibana监听在127.0.0.1
5. 部署Nginx，使用Nginx来转发

Nginx编译安装
yum install -y lrzsz wget gcc gcc-c++ make pcre pcre-devel zlib zlib-devel
cd /usr/local/src
wget http://nginx.org/download/nginx-1.14.2.tar.gz
tar xvf nginx-1.14.2.tar.gz
cd nginx-1.14.2
./configure —prefix=/usr/local/nginx && make && make install

Nginx环境变量设置
6. echo export PATH=\$PATH:/usr/local/nginx/sbin/ >> /etc/profile && source /etc/profile
7. 验证环境变量
nginx -V
Nginx两种限制
8. 限制源IP访问，比较安全，访问的IP不变
9. 使用用户名密码的方式，通用

Nginx限制源IP访问

vim /usr/local/nginx/conf/nginx.conf
server {
listen 80;
server_name localhost;
location / {
allow 127.0.0.1;
deny all;
proxy_pass http://127.0.0.1:5601;
}
}

测试
[root@server11 nginx-1.14.2]# nginx
[root@server11 nginx-1.14.2]# curl 127.0.0.1
Kibana server is not ready yet

观察访问日志
10. /usr/local/nginx/logs/access.log
11. 如果被拒绝了可以在日志里找到源IP
[root@server11 nginx-1.14.2]# cat /usr/local/nginx/logs/access.log
127.0.0.1 - - [12/Mar/2022:04:36:05 -0500] “GET / HTTP/1.1” 503 30 “-“ “curl/7.29.0”
192.168.10.1 - - [12/Mar/2022:04:36:33 -0500] “GET / HTTP/1.1” 403 571 “-“ “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36”
192.168.10.1 - - [12/Mar/2022:04:36:33 -0500] “GET /favicon.ico HTTP/1.1” 403 571 “http://192.168.10.11/“ “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36”

[root@server11 nginx-1.14.2]# vim /usr/local/nginx/conf/nginx.conf
location / {
allow 127.0.0.1;
allow 192.168.10.1;
deny all;
proxy_pass http://127.0.0.1:5601;

}

[root@server11 nginx-1.14.2]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@server11 nginx-1.14.2]# nginx -s reload

[root@server11 nginx-1.14.2]# curl http://192.168.10.11