How to Configure Nginx Reverse Proxy for Kibana

September 17, 2020


The easiest way to secure your Kibana dashboard from malicious intruders is to set up an Nginx reverse proxy. By doing so, you ensure only authorized password-protected users can access Kibana (and the data in Elasticsearch).

In this tutorial, you will learn how to configure Nginx reverse proxy for Kibana.

How to Configure Nginx Reverse Proxy for Kibana.


  • A functioning ELK stack installed on your system
  • A user account with sudo privileges
  • Access to a terminal window/command line

Note: If you still haven’t set up the ELK stack, refer to our guides: Install ELK Stack on CentOS or Install ELK Stack on Ubuntu.

Configure Nginx Reverse Proxy for Kibana

Step 1: Configure Kibana

Before you start setting up Nginx, make sure to edit the configuration files of Kibana and Elasticsearch.

1. First, open Kibana’s configuration file by running:

sudo vim /etc/kibana/kibana.yml

If you followed the steps outlined in the Kibana installation, the file should be similar to the one displayed below.

Kibana configuration file.

2. Change the default server port and the server host address to the following values:"localhost"

3. Next, save and exit the file.

4. Restart the Kibana service with the command:

sudo service kibana restart

Step 2: Configure Elasticsearch

1. Repeat the same process for Elasticsearch. Open its configuration file:

sudo vim /etc/elasticsearch/elasticsearch.yml

2. Next, find the following lines and change the default port and host:

http.port: 9200 localhost

3. Save the file and restart the service:

sudo service elasticsearch restart

4.  Finally, verify you can access Kibana by navigating to the following URL in a browser:

An image of the Kibana dashboard.

Step 3: Install and Configure Nginx

The next step is to set up Nginx.

1. If you haven’t installed Nginx yet, run the command:

sudo apt-get install nginx

Note: For more detailed instructions on the Nginx installation, you can refer to How to Install Nginx on Ubuntu 18.04 or How to Install Nginx on CentOS 8.

2. Once you set up Nginx, install the apache2-utils, a utility for creating password-protected accounts:

sudo apt-get install apache2-utils

3. Then, create a user account you want to use for accessing Kibana. Replace user_account in the command with the username you want to use:

sudo htpasswd -c /etc/nginx/htpasswd.users user_account
Adding a user and setting a passwrod with htpasswd.

4. The output then asks you to provide and re-type a password for this user:

New password:
Re-type new password:
Adding password for user user_account

5. Next, create a configuration file for Nginx:

sudo vim /etc/nginx/conf.d/kibana.conf

6. Add the following content once inside the text editor:

worker_processes  1;
events {
  worker_connections 1024;

http {
  upstream elasticsearch {
    keepalive 15;

  upstream kibana {
    keepalive 15;

  server {
    listen 8881;

    location / {
      auth_basic "Restricted Access";
      auth_basic_user_file /etc/nginx/htpasswd.users;

      proxy_pass http://elasticsearch;
      proxy_redirect off;
      proxy_buffering off;

      proxy_http_version 1.1;
      proxy_set_header Connection "Keep-Alive";
      proxy_set_header Proxy-Connection "Keep-Alive";


  server {
    listen 8882;

    location / {
      auth_basic "Restricted Access";
      auth_basic_user_file /etc/nginx/htpasswd.users;

      proxy_pass http://kibana;
      proxy_redirect off;
      proxy_buffering off;

      proxy_http_version 1.1;
      proxy_set_header Connection "Keep-Alive";
      proxy_set_header Proxy-Connection "Keep-Alive";

7. Save and exit the file.

Note: In the configuration above, Nginx connects to Kibana by listening to port 8882 and Elasticsearch through port 8881. If you used different ports, make sure to alter the configuration accordingly.

Step 4: Restart Services  

You need to restart the services for them to recognize the new configuration.

1. Restart Nginx by running:

sudo service nginx restart

2. Then, restart the Kibana service with the command:

sudo service kibana restart

Step 5: Confirm Authentication Works Properly

1. Open a web browser and navigate to the IP address you assigned to Kibana.

2. An authentication window appears asking you to provide a Username and Password.

Kibana log in page with Nginx reverse proxy setup.

3. Type in the credentials configured while setting up Nginx and select Sign In. If you provided the correct information, the browser opens the Kibana welcome page.

Image of the Kibana welcome page.


If you followed this guide you should have successfully configured Nginx reverse proxy for Kibana. This provides an additional security layer that protects the data managed through Kibana.

Your next step should be to go through Kibana features used for visualization in our Kibana tutorial.

Was this article helpful?
Dejan Tucakov
Dejan is the Head of Content at phoenixNAP with over 8 years of experience in Web publishing and technical writing. Prior to joining PNAP, he was Chief Editor of several websites striving to advocate for emerging technologies. He is dedicated to simplifying complex notions and providing meaningful insight into data center and cloud technology.
Next you should read
How to Redirect HTTP to HTTPS in Nginx
March 6, 2024

Nginx (pronounced "Engine-X") is a Linux-based web server and proxy application. Because it specializes in...
Read more
How to Install Elasticsearch, Logstash, and Kibana (ELK Stack) on CentOS 8
May 6, 2020

Need to install the ELK stack to manage server log files on your CentOS 8? Follow this step-by-step guide and...
Read more
How to Install Elasticsearch on Ubuntu 18.04
April 23, 2020

Elasticsearch is an open-source engine that enhances searching, storing and analyzing capabilities of your...
Read more
How to Start, Stop, and Restart Nginx (systemctl & Nginx Commands)
May 20, 2020

Knowing how to start, stop and restart Nginx is essential for managing an Nginx web server. For example...
Read more