Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[hostBasedConfig] implement way to speficy proxy host based config #120

Merged
merged 5 commits into from
Mar 11, 2016
Merged

[hostBasedConfig] implement way to speficy proxy host based config #120

merged 5 commits into from
Mar 11, 2016

Conversation

spalger
Copy link
Contributor

@spalger spalger commented Mar 10, 2016

Fixes #69

This PR adds a way to specify configuration that is host based. It does this by adding a new config key, sense.proxyConfig. The value of this key is an array of objects, each of which is a rule that may change the configuration for a request by matching it's url.

sense.proxyConfig[].match

Each rule in the proxyConfig list may define a match property which contains a set of wildcard patterns to be matched against incoming requests. This match object can contain the following properties, they all default to *:

name purpose example input
match.protocol match the protocol of the request https
match.host match the hostname of a request *, *.internal.org
match.port match the port, is empty when no port in the request 92?? (9200-9299)
match.path match the path, does not include the query string /.kibana/**

sense.proxyConfig[].ssl

Each rule can specify ssl configuration to be applied to matching requests. The ssl object can contain the following properties:

name purpose default
ssl.verify If set to false then invalid ssl certificates will be allows for this request. This setting has not effect if ssl.ca, ssl.cert, or ssl.key are defined true
ssl.ca A certificate authority that will be used to verify the certificate of the server
ssl.cert A certificate which should match that of the server
ssl.ca A private key... I think this decrypts the ssl.cert but I'm not sure

sense.proxyConfig[].timeout

The only non-ssl-related config that can be set via sense.proxyConfig is timeout. Setting this will change the timeout applied to this request.

Example

sense:
  proxyConfig:
    - match:
        host: *.internal.org
        port: 92??
      ssl.ca: /opt/certs/internal.ca

    - match.host: *
      ssl.verify: false
      timeout: 180000 # 3 minutes

Creates the following configs:

=> request: http://es.internal.org:9200
<= config:
        ssl.ca: /opt/certs/internal.ca
        timeout: 180000

=> request: http://myfoundcluster.found.no:1234`
<= config:
        ssl.verify: false
        timeout: 180000

Remaining Work:

  • convert host matching to globs, the RegExp syntax is confusing
  • tests

spalger added a commit that referenced this pull request Mar 11, 2016
@spalger
Merge pull request #120 from spalger/implement/hostBasedConfig
d482329 
[hostBasedConfig] implement way to speficy proxy host based config
@spalger spalger merged commit d482329 into elastic:master Mar 11, 2016
@spalger
Copy link
Contributor Author

spalger commented Mar 11, 2016

Backported to 4.x and 4.4

@spalger spalger mentioned this pull request Mar 11, 2016
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@spalger