mirror of
https://github.com/elastic/kibana.git
synced 2025-04-24 09:48:58 -04:00
Merge pull request #5866 from spalger/implement/externalizeServerConnectionSetup
externalize server connection and logging setup
This commit is contained in:
Spencer
commit
9f46c143e3
3 changed files with 65 additions and 55 deletions
|
|
@ -1,4 +1,4 @@
|
|||
module.exports = function (kbnServer, server, config) {
|
||||
module.exports = async function (kbnServer, server, config) {
|
||||
let _ = require('lodash');
|
||||
let fs = require('fs');
|
||||
let Boom = require('boom');
|
||||
|
|
@ -11,60 +11,7 @@ module.exports = function (kbnServer, server, config) {
|
|||
server = kbnServer.server = new Hapi.Server();
|
||||
|
||||
const shortUrlLookup = require('./short_url_lookup')(server);
|
||||
|
||||
// Create a new connection
|
||||
var connectionOptions = {
|
||||
host: config.get('server.host'),
|
||||
port: config.get('server.port'),
|
||||
state: {
|
||||
strictHeader: false
|
||||
},
|
||||
routes: {
|
||||
cors: config.get('server.cors'),
|
||||
payload: {
|
||||
maxBytes: config.get('server.maxPayloadBytes')
|
||||
}
|
||||
}
|
||||
};
|
||||
|
||||
// enable tls if ssl key and cert are defined
|
||||
if (config.get('server.ssl.key') && config.get('server.ssl.cert')) {
|
||||
connectionOptions.tls = {
|
||||
key: fs.readFileSync(config.get('server.ssl.key')),
|
||||
cert: fs.readFileSync(config.get('server.ssl.cert')),
|
||||
// The default ciphers in node 0.12.x include insecure ciphers, so until
|
||||
// we enforce a more recent version of node, we craft our own list
|
||||
// @see https://github.com/nodejs/node/blob/master/src/node_constants.h#L8-L28
|
||||
ciphers: [
|
||||
'ECDHE-RSA-AES128-GCM-SHA256',
|
||||
'ECDHE-ECDSA-AES128-GCM-SHA256',
|
||||
'ECDHE-RSA-AES256-GCM-SHA384',
|
||||
'ECDHE-ECDSA-AES256-GCM-SHA384',
|
||||
'DHE-RSA-AES128-GCM-SHA256',
|
||||
'ECDHE-RSA-AES128-SHA256',
|
||||
'DHE-RSA-AES128-SHA256',
|
||||
'ECDHE-RSA-AES256-SHA384',
|
||||
'DHE-RSA-AES256-SHA384',
|
||||
'ECDHE-RSA-AES256-SHA256',
|
||||
'DHE-RSA-AES256-SHA256',
|
||||
'HIGH',
|
||||
'!aNULL',
|
||||
'!eNULL',
|
||||
'!EXPORT',
|
||||
'!DES',
|
||||
'!RC4',
|
||||
'!MD5',
|
||||
'!PSK',
|
||||
'!SRP',
|
||||
'!CAMELLIA'
|
||||
].join(':'),
|
||||
// We use the server's cipher order rather than the client's to prevent
|
||||
// the BEAST attack
|
||||
honorCipherOrder: true
|
||||
};
|
||||
}
|
||||
|
||||
server.connection(connectionOptions);
|
||||
await kbnServer.mixin(require('./setup_connection'));
|
||||
|
||||
// provide a simple way to expose static directories
|
||||
server.decorate('server', 'exposeStaticDir', function (routePath, dirPath) {
|
||||
|
|
|
|||
60
src/server/http/setup_connection.js
Normal file
60
src/server/http/setup_connection.js
Normal file
|
|
@ -0,0 +1,60 @@
|
|||
import fs from 'fs';
|
||||
|
||||
export default function (kbnServer, server, config) {
|
||||
// this mixin is used outside of the kbn server, so it MUST work without a full kbnServer object.
|
||||
kbnServer = null;
|
||||
|
||||
// Create a new connection
|
||||
var connectionOptions = {
|
||||
host: config.get('server.host'),
|
||||
port: config.get('server.port'),
|
||||
state: {
|
||||
strictHeader: false
|
||||
},
|
||||
routes: {
|
||||
cors: config.get('server.cors'),
|
||||
payload: {
|
||||
maxBytes: config.get('server.maxPayloadBytes')
|
||||
}
|
||||
}
|
||||
};
|
||||
|
||||
// enable tls if ssl key and cert are defined
|
||||
if (config.get('server.ssl.key') && config.get('server.ssl.cert')) {
|
||||
connectionOptions.tls = {
|
||||
key: fs.readFileSync(config.get('server.ssl.key')),
|
||||
cert: fs.readFileSync(config.get('server.ssl.cert')),
|
||||
// The default ciphers in node 0.12.x include insecure ciphers, so until
|
||||
// we enforce a more recent version of node, we craft our own list
|
||||
// @see https://github.com/nodejs/node/blob/master/src/node_constants.h#L8-L28
|
||||
ciphers: [
|
||||
'ECDHE-RSA-AES128-GCM-SHA256',
|
||||
'ECDHE-ECDSA-AES128-GCM-SHA256',
|
||||
'ECDHE-RSA-AES256-GCM-SHA384',
|
||||
'ECDHE-ECDSA-AES256-GCM-SHA384',
|
||||
'DHE-RSA-AES128-GCM-SHA256',
|
||||
'ECDHE-RSA-AES128-SHA256',
|
||||
'DHE-RSA-AES128-SHA256',
|
||||
'ECDHE-RSA-AES256-SHA384',
|
||||
'DHE-RSA-AES256-SHA384',
|
||||
'ECDHE-RSA-AES256-SHA256',
|
||||
'DHE-RSA-AES256-SHA256',
|
||||
'HIGH',
|
||||
'!aNULL',
|
||||
'!eNULL',
|
||||
'!EXPORT',
|
||||
'!DES',
|
||||
'!RC4',
|
||||
'!MD5',
|
||||
'!PSK',
|
||||
'!SRP',
|
||||
'!CAMELLIA'
|
||||
].join(':'),
|
||||
// We use the server's cipher order rather than the client's to prevent
|
||||
// the BEAST attack
|
||||
honorCipherOrder: true
|
||||
};
|
||||
}
|
||||
|
||||
server.connection(connectionOptions);
|
||||
}
|
||||
|
|
@ -2,6 +2,9 @@ let _ = require('lodash');
|
|||
let fromNode = require('bluebird').fromNode;
|
||||
|
||||
module.exports = function (kbnServer, server, config) {
|
||||
// prevent relying on kbnServer so this can be used with other hapi servers
|
||||
kbnServer = null;
|
||||
|
||||
return fromNode(function (cb) {
|
||||
let events = config.get('logging.events');
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue