Configuring Console

You can add the following options in the config/kibana.yml file:

console.enabled
Default: true Set to false to disable Console. Toggling this will cause the server to regenerate assets on the next startup, which may cause a delay before pages start being served.
console.proxyFilter
Default: .* A list of regular expressions that are used to validate any outgoing request from Console. If none of these match, the request will be rejected. See Securing Console for more details.
console.proxyConfig

A list of configuration options that are based on the proxy target. Use this to set custom timeouts or SSL settings for specific hosts. This is done by defining a set of match criteria using wildcards/globs which will be checked against each request. The configuration from all matching rules will then be merged together to configure the proxy used for that request.

The valid match keys are match.protocol, match.host, match.port, and match.path. All of these keys default to *, which means they will match any value.

Example:

console.proxyConfig:
  - match:
      host: "*.internal.org" # allow any host that ends in .internal.org
      port: "{9200..9299}" # allow any port from 9200-9299

    ssl:
      ca: "/opt/certs/internal.ca"
      # "key" and "cert" are also valid options here

  - match:
      protocol: "https"

    ssl:
      verify: false # allows any certificate to be used, even self-signed certs

  # since this rule has no "match" section it matches everything
  - timeout: 180000 # 3 minutes

Securing Console

Console is meant to be used as a local development tool. As such, it will send requests to any host & port combination, just as a local curl command would. To overcome the CORS limitations enforced by browsers, Console’s Node.js backend serves as a proxy to send requests on behalf of the browser. However, if put on a server and exposed to the internet this can become a security risk. In those cases, we highly recommend you lock down the proxy by setting the console.proxyFilter setting. The setting accepts a list of regular expressions that are evaluated against each URL the proxy is requested to retrieve. If none of the regular expressions match the proxy will reject the request.

Here is an example configuration the only allows Console to connect to localhost:

console.proxyFilter:
  - ^https?://(localhost|127\.0\.0\.1|\[::0\]).*

You will need to restart Kibana for these changes to take effect.