If you want to access the Kibana service over the Internet or an internal network, you must add the IP address of your host to the related IP address whitelist of Kibana. This topic describes how to configure a public or private IP address whitelist for Kibana.

Prerequisites

An Alibaba Cloud Elasticsearch cluster is created. For more information, see Create an Alibaba Cloud Elasticsearch cluster.

Procedure

  1. Log on to the Elasticsearch console.
  2. In the left-side navigation pane, click Elasticsearch Clusters.
  3. Navigate to the desired cluster.
    1. In the top navigation bar, select the resource group to which the cluster belongs and the region where the cluster resides.
    2. In the left-side navigation pane, click Elasticsearch Clusters. On the Elasticsearch Clusters page, find the cluster and click its ID.
  4. In the left-side navigation pane of the page that appears, click Data Visualization.
  5. In the Kibana section of the page that appears, click Edit Configuration.
  6. In the Network Access Configuration section of the page that appears, click Update on the right side of Kibana Whitelist or Private Network Whitelist to configure a public or private IP address whitelist.
    The following descriptions provide an example on how to configure a public IP address whitelist. Network Access Configuration
    Note
    • By default, the Private Network Access switch is turned off. If you want to configure a private IP address whitelist, you must turn on the Private Network Access switch before you perform the operations in this step.
    • By default, the Public Network Access switch is turned on, which is indicated by the color green. If you turn off this switch, the entry point for access to Kibana over the Internet is not displayed in the Kibana section of the Data Visualization page. In this case, you cannot log on to the Kibana console over the Internet. If you turn on the Public Network Access switch, changes may occur on the Server Load Balancer (SLB) instance that is connected to Kibana but not on the Elasticsearch cluster. Therefore, this operation does not affect the Elasticsearch cluster.
    • By default, the Private Network Access switch is turned off, which is indicated by the color gray. After you turn on this switch, the entry point for access to Kibana over an internal network is displayed in the Kibana section of the Data Visualization page. Then, you can log on to the Kibana console over a VPC. If you turn on the Private Network Access switch, changes may occur on the SLB instance that is connected to Kibana but not on the Elasticsearch cluster. Therefore, this operation does not affect the Elasticsearch cluster.
    • After you configure a public IP address whitelist for Kibana, you can use the Kibana console of your Elasticsearch cluster to access only services in virtual private clouds (VPCs). You cannot use the Kibana console to access Internet services such as Baidu Maps and AMAP.
    • Add an IP address whitelist
      1. In the Modify Public Network Whitelist panel, click Add IP Address Whitelist.
      2. In the Add IP Address Whitelist dialog box, configure the Name and IP Addresses in Whitelist parameters. Add IP Address Whitelist
        Parameter Description
        Name The name of the IP address whitelist. The name must be 2 to 120 characters in length and can contain lowercase letters, digits, and underscores (_). The name must start with a letter and end with a letter or digit.
        IP Addresses in Whitelist
        • You can enter IP addresses or CIDR blocks in the IP Addresses in Whitelist field. For example, you can enter 192.168.0.1 or 192.168.0.0/24. Separate multiple IP addresses or CIDR blocks with commas (,). You can enter 127.0.0.1 to deny requests from all IPv4 addresses or enter 0.0.0.0/0 to allow requests from all IPv4 addresses.
          Notice
          • A whitelist can contain a maximum of 300 IP addresses or CIDR blocks.
          • If you want to specify CIDR blocks, make sure that the IP address that precedes the forward slash (/) in each CIDR block is the first IP address obtained based on subnet mask calculation.
        • Access from public IPv6 addresses are supported in the China (Hangzhou) region, and you can configure public IPv6 address whitelists in this region. For example, you can specify 2401:b180:1000:24::5 or 2401:b180:1000::/48 in a public IPv6 address whitelist. You can enter ::1 to deny requests from all IPv6 addresses or enter ::/0 to allow requests from all IPv6 addresses.
        • By default, requests from all public IP addresses are denied and requests from all private IPv4 addresses are allowed.
      3. Click OK. Then, you can view the newly created whitelist. Creation result
        Note
        • A default public IP address whitelist and a default private IP address whitelist are provided. Both whitelists are named default and contain default IP addresses or CIDR blocks. You can also add IP addresses or CIDR blocks to the whitelists.
        • In the whitelist configuration section, only the first three IP addresses or CIDR blocks are displayed for each type of whitelist. The other IP addresses or CIDR blocks are displayed as an ellipsis (...). If you want to view the other IP addresses or CIDR blocks in a whitelist, click Update on the right side of the related whitelist type. Then, in the panel that appears, click the Plus sign icon or Configure that corresponds to the whitelist.
    • Modify an IP address whitelist
      1. In the Modify Public Network Whitelist panel, find the IP address whitelist that you want to modify and click Configure.
      2. Change the value of Name or IP Addresses in Whitelist.
      3. Click OK.
    • Delete an IP address whitelist
      1. In the Modify Public Network Whitelist panel, find the IP address whitelist that you want to delete and click Delete.
      2. In the message that appears, click OK.