Make default elasticsearch URL use the same protocol as Kibana #1465

Closed
dimas opened this issue Aug 28, 2014 · 3 comments
Comments


dimas commented Aug 28, 2014

Please change

    elasticsearch: "http://"+window.location.hostname+":9200",

to

    elasticsearch: window.location.protocol+"//"+window.location.hostname+":9200",

It should not affect anyone using Kibana over HTTP but will allow it to work out of the box with HTTPS. If people are moving Kibana to HTTPS there is really no sense to keep elasticsearch on plain HTTP anyway.

Contributor

kkirsche commented Sep 4, 2014

My only concern is that this would require the user to have ensured they have configured ElasticSearch to use the same protocol that Kibana is using while using http:// works with ElasticSearch's default configuration settings. I could be wrong about that, but my belief is that Kibana should be designed / coded to work with ElasticSearch's default configuration.

Author

dimas commented Sep 4, 2014

I am sure that most people just access Kibana over HTTP so they won't be affected by that change.

If someone removes HTTP access to Kibana and uses HTTPS instead, they are probably doing it for a reason. Which of course can be different for everyone but chances are they do not want someone capturing plaintext traffic and seeing all the internal logs of their system.
But it just makes very little sense to encrypt Kibana's traffic itself while still leaving the Kibana-to-elasticsearch data in plaintext, as the very same information is available there. It is only because of that I believe you either move both ports (kibana+elasticsearch) to HTTPS or do not bother doing it with either of them.

Our case may be a bit special, I admit. We just put Kibana/ElasticSearch on an Amazon node with a load balancer in front of it. The load balancer is told to do HTTPS termination - so it accepts HTTPS on ports 9292 and 9200 and just forwards these ports to the real server but as plain HTTP. (Kind of typical use of Amazon ELB). So in the end both Kibana and ElasticSearch are installed with their "out of the box" configuration - default ports etc. The only problem is that the ElasticSearch URL sent back to the browser is taken from config.js and is "http://" so even though the page is loaded from https://kibana:9292, it tries to get ElasticSearch data from http://kibana:9200 which does not work as ELB expects an SSL handshake on port 9200.
We replaced this http with https but it really felt like that behaviour should be more "automatic" for the reasons explained above. I hope my explanation makes sense.

Also, to replace the URL we patched config.js right in the logstash.jar. Which is ugly but this, I guess, is only because of our lack of experience with Kibana as we could not find the official way of changing that elasticsearch URL :)
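
The two `elasticsearch` defaults discussed in this thread, compared for a page loaded over HTTP and over HTTPS. This is an added example, not Kibana's code or any participant's; the function names and the `kibana` host are illustrative assumptions, and the check flags the case where an HTTPS page would send its Elasticsearch queries over plain HTTP.

```javascript
// Added example (not from Kibana). `loc` is any object shaped like
// window.location; all function names here are hypothetical.

// Hard-coded scheme, as in the config.js line quoted at the top of the issue.
function hardcodedHttpUrl(loc) {
  return "http://" + loc.hostname + ":9200";
}

// Scheme inherited from the page, as proposed in the issue.
function sameProtocolUrl(loc) {
  return loc.protocol + "//" + loc.hostname + ":9200";
}

// True when a page served over HTTPS would query Elasticsearch over plain HTTP,
// i.e. the log data leaves the browser unencrypted even though the UI does not.
function isPlaintextDowngrade(pageUrl, esUrl) {
  const page = new URL(pageUrl);
  const es = new URL(esUrl);
  return page.protocol === "https:" && es.protocol === "http:";
}

// Evaluate both defaults for one page URL and report the resulting backend URL.
function audit(pageUrl) {
  const u = new URL(pageUrl);
  const loc = { protocol: u.protocol, hostname: u.hostname };
  return [hardcodedHttpUrl, sameProtocolUrl].map((build) => {
    const esUrl = build(loc);
    return {
      builder: build.name,
      esUrl,
      downgrade: isPlaintextDowngrade(pageUrl, esUrl),
    };
  });
}

// Constructed sample page URLs: default HTTP access and the HTTPS setup
// described in the comment above.
for (const page of ["http://kibana:9292/", "https://kibana:9292/"]) {
  console.log(page, audit(page));
}
```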

@rashidkpc
Contributor

Indeed, I don't see a reason to change the default here, we allow you to configure it as needed.
