feat: add elasticsearch ssl options (#5499)

requarks · Aug 6, 2022 · 933293a · 933293a
1 parent 6943524
commit 933293a
Show file tree

Hide file tree

Showing 2 changed files with 35 additions and 5 deletions.
diff --git a/server/modules/search/elasticsearch/definition.yml b/server/modules/search/elasticsearch/definition.yml
@@ -20,28 +20,37 @@ props:
     title: Host(s)
     hint: Comma-separated list of Elasticsearch hosts to connect to, including the port, username and password if necessary. (e.g. http://localhost:9200, https://user:pass@es1.example.com:9200)
     order: 2
+  verifyTLSCertificate:
+    title: Verify TLS Certificate
+    type: Boolean
+    default: true
+    order: 3
+  tlsCertPath:
+    title: TLS Certificate Path
+    type: String
+    hint: Absolute path to the TLS certificate on the server.
+    order: 4
   indexName:
     type: String
     title: Index Name
     hint: The index name to use during creation
     default: wiki
-    order: 3
+    order: 5
   analyzer:
     type: String
     title: Analyzer
     hint: 'The token analyzer in elasticsearch'
     default: simple
-    order: 4
+    order: 6
   sniffOnStart:
     type: Boolean
     title: Sniff on start
     hint: 'Should Wiki.js attempt to detect the rest of the cluster on first connect? (Default: off)'
     default: false
-    order: 5
+    order: 7
   sniffInterval:
     type: Number
     title: Sniff Interval
     hint: '0 = disabled, Interval in seconds to check for updated list of nodes in cluster. (Default: 0)'
     default: 0
-    order: 6
-
+    order: 8
diff --git a/server/modules/search/elasticsearch/engine.js b/server/modules/search/elasticsearch/engine.js
@@ -1,6 +1,7 @@
 const _ = require('lodash')
 const stream = require('stream')
 const Promise = require('bluebird')
+const fs = require('fs')
 const pipeline = Promise.promisify(stream.pipeline)
 
 /* global WIKI */
@@ -24,6 +25,7 @@ module.exports = {
           nodes: this.config.hosts.split(',').map(_.trim),
           sniffOnStart: this.config.sniffOnStart,
           sniffInterval: (this.config.sniffInterval > 0) ? this.config.sniffInterval : false,
+          ssl: getTlsOptions(this.config),
           name: 'wiki-js'
         })
         break
@@ -33,6 +35,7 @@ module.exports = {
           nodes: this.config.hosts.split(',').map(_.trim),
           sniffOnStart: this.config.sniffOnStart,
           sniffInterval: (this.config.sniffInterval > 0) ? this.config.sniffInterval : false,
+          ssl: getTlsOptions(this.config),
           name: 'wiki-js'
         })
         break
@@ -351,3 +354,21 @@ module.exports = {
     WIKI.logger.info(`(SEARCH/ELASTICSEARCH) Index rebuilt successfully.`)
   }
 }
+
+function getTlsOptions(conf) {
+  if (!conf.tlsCertPath) {
+    return {
+      rejectUnauthorized: conf.verifyTLSCertificate
+    }
+  }
+
+  const caList = []
+  if (conf.verifyTLSCertificate) {
+    caList.push(fs.readFileSync(conf.tlsCertPath))
+  }
+
+  return {
+    rejectUnauthorized: conf.verifyTLSCertificate,
+    ca: caList
+  }
+}