Adding SSL Support to Kibana Server

2025-04-23 17:28:26 -04:00 · 2015-01-26 13:36:53 -07:00 · 2015-01-26 13:36:53 -07:00 · 102752948e
commit 102752948e
parent 52c0767ae8
7 changed files with 51 additions and 17 deletions
--- a/.gitignore
+++ b/.gitignore
@ -12,3 +12,4 @@ target
 *.iml
 *.log
 esvm
+.htpasswd
--- a/package.json
+++ b/package.json
@ -14,8 +14,10 @@
  "version": "4.0.0-beta3",
  "main": "src/server/app.js",
  "homepage": "http://www.elasticsearch.org/overview/kibana/",
-  "bugs": "https://github.com/elasticsearch/kibana/issues",
-  "license": "Apache-2.0",
+  "bugs": {
+    "url": "https://github.com/elasticsearch/kibana/issues"
+  },
+  "license": "Apache 2.0",
  "author": "Rashid Khan <rashid.khan@elasticsearch.com>",
  "contributors": [
    "Spencer Alger <spencer.alger@elasticsearch.com>",
@ -43,6 +45,7 @@
    "debug": "~2.1.1",
    "express": "~4.10.6",
    "glob": "^4.3.2",
+    "http-auth": "^2.2.5",
    "http-proxy": "^1.8.1",
    "jade": "~1.8.2",
    "js-yaml": "^3.2.5",
@ -91,9 +94,5 @@
    "rjs-build-analysis": "0.0.3",
    "simple-git": "^0.11.0",
    "tar": "^1.0.1"
-  },
-  "license": "Apache 2.0",
-  "bugs": {
-    "url": "https://github.com/elasticsearch/kibana/issues"
  }
 }
--- a/src/server/app.js
+++ b/src/server/app.js
@ -2,6 +2,7 @@ var express = require('express');
 var path = require('path');
 var favicon = require('serve-favicon');
 var requestLogger = require('./lib/requestLogger');
+var auth = require('./lib/auth');
 var appHeaders = require('./lib/appHeaders');
 var cookieParser = require('cookie-parser');
 var bodyParser = require('body-parser');
@ -18,9 +19,10 @@ app.set('views', path.join(__dirname, 'views'));
 app.set('view engine', 'jade');
 app.set('x-powered-by', false);

-app.use(favicon(path.join(config.public_folder, 'styles', 'theme', 'elk.ico')));
 app.use(requestLogger());
+app.use(auth());
 app.use(appHeaders());
+app.use(favicon(path.join(config.public_folder, 'styles', 'theme', 'elk.ico')));

 if (app.get('env') === 'development') {
  require('./dev')(app);
--- a/src/server/config/index.js
+++ b/src/server/config/index.js
@ -7,14 +7,24 @@ var configPath = process.env.CONFIG_PATH || path.join(__dirname, 'kibana.yml');
 var kibana = yaml.safeLoad(fs.readFileSync(configPath, 'utf8'));
 var env = process.env.NODE_ENV || 'development';

+function checkPath(path) {
+  try {
+    fs.statSync(path);
+    return true;
+  } catch (err) {
+    return false;
+  }
+}
+
 // Check if the local public folder is present. This means we are running in
 // the NPM module. If it's not there then we are running in the git root.
 var public_folder = path.resolve(__dirname, '..', 'public');
-try {
-  fs.statSync(public_folder);
-} catch (err) {
-  public_folder = path.resolve(__dirname, '..', '..', 'kibana');
-}
+if (!checkPath(public_folder)) public_folder = path.resolve(__dirname, '..', '..', 'kibana');
+
+// Check to see if htpasswd file exists in the root directory otherwise set it to false
+var htpasswdPath = path.resolve(__dirname, '..', '.htpasswd');
+if (!checkPath(htpasswdPath)) htpasswdPath = path.resolve(__dirname, '..', '..', '..', '.htpasswd');
+if (!checkPath(htpasswdPath)) htpasswdPath = false;

 var config = module.exports = {
  port                    : kibana.port || 5601,
@ -25,7 +35,8 @@ var config = module.exports = {
  public_folder           : public_folder,
  external_plugins_folder : process.env.PLUGINS_FOLDER || null,
  bundled_plugins_folder  : path.resolve(public_folder, 'plugins'),
-  kibana                  : kibana
+  kibana                  : kibana,
+  htpasswd                : htpasswdPath
 };

 config.plugins = listPlugins(config);
--- a/src/server/config/kibana.yml
+++ b/src/server/config/kibana.yml
@ -34,3 +34,6 @@ shard_timeout: 0
 # certificate.
 verify_ssl: true

+# SSL for outgoing requests from the Kibana Server (PEM formatted)
+# ssl_key_file: /path/to/your/server.key
+# ssl_cert_file: /path/to/your/server.crt
--- a/src/server/index.js
+++ b/src/server/index.js
@ -3,16 +3,23 @@
 */

 var app = require('./app');
-var http = require('http');
+var fs = require('fs');
 var config = require('./config');
 var logger = require('./lib/logger');


 /**
- * Create HTTP server.
+ * Create HTTPS/HTTP server.
 */
-
-var server = http.createServer(app);
+var server;
+if (config.kibana.ssl_key_file && config.kibana.ssl_cert_file) {
+  server = require('https').createServer({
+    key: fs.readFileSync(config.kibana.ssl_key_file, 'utf8'),
+    cert: fs.readFileSync(config.kibana.ssl_cert_file, 'utf8')
+  }, app);
+} else {
+  server = require('http').createServer(app);
+}
 server.on('error', onError);
 server.on('listening', onListening);

--- a/src/server/lib/auth.js
+++ b/src/server/lib/auth.js
@ -0,0 +1,11 @@
+var config = require('../config');
+var httpAuth = require('http-auth');
+module.exports = function () {
+  console.log(config.htpasswd);
+  var basic;
+  if (config.htpasswd) {
+    basic = httpAuth.basic({ file: config.htpasswd });
+    return httpAuth.connect(basic);
+  }
+  return function (req, res, next) { return next(); };
+};