How to configure the Kibana base path

Running Kibana behind a reverse proxy under a subpath such as /kibana keeps the web UI and APIs on a predictable client-facing URL without dedicating a separate host name or external port. A correct base path prevents broken navigation, missing static assets, and API calls that accidentally land on the proxy root instead of the Kibana route.

Kibana builds links and route handlers from server.basePath, while server.rewriteBasePath decides whether Kibana strips that prefix from incoming requests or expects the reverse proxy to remove it first. When absolute links are needed for notifications, redirects, or integrations, server.publicBaseUrl is configured separately and must include the same prefix.

The base path must start with / and cannot end with a trailing slash. Configuration changes require a Kibana restart, and a mismatch between the proxy rewrite behavior, server.rewriteBasePath, and any configured server.publicBaseUrl can leave the UI reachable only on some paths or cause startup validation failures.

Related: How to set the Kibana public base URL How to check Kibana status

Steps to configure the Kibana base path:

  1. Choose the client-facing URL prefix to use for Kibana, such as /kibana.

    server.basePath must start with / and must not end with /.

  2. Decide whether Kibana or the reverse proxy should remove the prefix before request routing.

    Set server.rewriteBasePath to true when requests arrive at Kibana with the prefix still present, or keep it at false when the reverse proxy strips the prefix before forwarding. Set the option explicitly so startup behavior matches the proxy configuration.

  3. Edit the Kibana configuration file. 
    $ sudoedit /etc/kibana/kibana.yml

    Container images commonly use /usr/share/kibana/config/kibana.yml instead of /etc/kibana/kibana.yml.

  4. Set the base path options in the configuration. 
    server.basePath: "/kibana"
server.rewriteBasePath: true

    Set server.publicBaseUrl separately when Kibana must generate absolute external links, and include the same /kibana prefix when it is configured. Related: How to set the Kibana public base URL

  5. Restart the Kibana service to apply the change. 
    $ sudo systemctl restart kibana

    Related: How to manage the Kibana service with systemctl in Linux

  6. Query the status endpoint through the client-facing base path. 
    $ curl --silent http://kibana.example.net/kibana/api/status | jq '{name, version: .version.number, overall: .status.overall.level}'
{
  "name": "kibana-node",
  "version": "9.3.1",
  "overall": "available"
}

    An HTTP 200 response from /kibana/api/status confirms the base path is being routed correctly. Add authentication, TLS, or a trusted CA option when the client-facing URL requires them. Related: How to check Kibana status

  7. Compare the prefixed and unprefixed status URLs to confirm Kibana is mounted under the base path instead of the proxy root. 
    $ curl --silent --output /dev/null --write-out "%{http_code}\n" http://kibana.example.net/kibana/api/status
200
$ curl --silent --output /dev/null --write-out "%{http_code}\n" http://kibana.example.net/api/status
404

    A 200 on the prefixed path and 404 on the unprefixed path confirms the base path is active on the client-facing route.