Connect to Elasticsearch via SSL when starting kibana with --ssl (#42840) (#42996)

* Initial work * Add check for elasticsearch.hosts * Make --ssl apply default config values only * Move @kbn/dev-utils to devDependencies * Check elasticsearch url for localhost * Cleanup * elasticsearch.hosts can be string too
2025-04-24 09:48:58 -04:00 · 2019-08-08 21:52:42 -04:00 · 2019-08-08 21:52:42 -04:00 · 06dfcd9b6e
commit 06dfcd9b6e
parent c91bc3ad71
2 changed files with 30 additions and 3 deletions
--- a/package.json
+++ b/package.json
@ -265,6 +265,7 @@
    "@elastic/eslint-config-kibana": "0.15.0",
    "@elastic/github-checks-reporter": "0.0.20b3",
    "@elastic/makelogs": "^4.4.0",
+    "@kbn/dev-utils": "1.0.0",
    "@kbn/es": "1.0.0",
    "@kbn/eslint-import-resolver-kibana": "2.0.0",
    "@kbn/eslint-plugin-eslint": "1.0.0",
--- a/src/cli/serve/serve.js
+++ b/src/cli/serve/serve.js
@ -20,6 +20,7 @@
 import _ from 'lodash';
 import { statSync } from 'fs';
 import { resolve } from 'path';
+import url from 'url';

 import { fromRoot, IS_KIBANA_DISTRIBUTABLE } from '../../legacy/utils';
 import { getConfig } from '../../legacy/server/path';
@ -87,12 +88,37 @@ function applyConfigOverrides(rawConfig, opts, extraCliOptions) {
    }

    if (opts.ssl) {
-      set('server.ssl.enabled', true);
-    }
+      // @kbn/dev-utils is part of devDependencies
+      const { CA_CERT_PATH } = require('@kbn/dev-utils');
+      const customElasticsearchHosts = opts.elasticsearch
+        ? opts.elasticsearch.split(',')
+        : [].concat(get('elasticsearch.hosts') || []);

-    if (opts.ssl && !has('server.ssl.certificate') && !has('server.ssl.key')) {
+      function ensureNotDefined(path) {
+        if (has(path)) {
+          throw new Error(`Can't use --ssl when "${path}" configuration is already defined.`);
+        }
+      }
+      ensureNotDefined('server.ssl.certificate');
+      ensureNotDefined('server.ssl.key');
+      ensureNotDefined('elasticsearch.ssl.certificateAuthorities');
+
+      const elasticsearchHosts = (
+        (customElasticsearchHosts.length > 0 && customElasticsearchHosts) ||
+        ['https://localhost:9200']
+      ).map(hostUrl => {
+        const parsedUrl = url.parse(hostUrl);
+        if (parsedUrl.hostname !== 'localhost') {
+          throw new Error(`Hostname "${parsedUrl.hostname}" can't be used with --ssl. Must be "localhost" to work with certificates.`);
+        }
+        return `https://localhost:${parsedUrl.port}`;
+      });
+
+      set('server.ssl.enabled', true);
      set('server.ssl.certificate', DEV_SSL_CERT_PATH);
      set('server.ssl.key', DEV_SSL_KEY_PATH);
+      set('elasticsearch.hosts', elasticsearchHosts);
+      set('elasticsearch.ssl.certificateAuthorities', CA_CERT_PATH);
    }
  }