mirror of
https://github.com/elastic/kibana.git
synced 2025-04-24 09:48:58 -04:00
[server/http] move connection setup out of main setup
We need to be able to follow the same connection setup routine outside of the server's http module. Since we can create Config instances (with https://github.com/elastic/kibana/pull/5865) and this portion of initialization does not require the actual kbnServer, we can safely use it to configure other hapi instances so that they will behave similarrly to Kibana.
This commit is contained in:
spalger
parent
5fa8118a15
commit
e332de8a30
3 changed files with 65 additions and 55 deletions
|
|
@ -1,4 +1,4 @@
|
|||
module.exports = function (kbnServer, server, config) {
|
||||
module.exports = async function (kbnServer, server, config) {
|
||||
let _ = require('lodash');
|
||||
let fs = require('fs');
|
||||
let Boom = require('boom');
|
||||
|
|
@ -11,60 +11,7 @@ module.exports = function (kbnServer, server, config) {
|
|||
server = kbnServer.server = new Hapi.Server();
|
||||
|
||||
const shortUrlLookup = require('./short_url_lookup')(server);
|
||||
|
||||
// Create a new connection
|
||||
var connectionOptions = {
|
||||
host: config.get('server.host'),
|
||||
port: config.get('server.port'),
|
||||
state: {
|
||||
strictHeader: false
|
||||
},
|
||||
routes: {
|
||||
cors: config.get('server.cors'),
|
||||
payload: {
|
||||
maxBytes: config.get('server.maxPayloadBytes')
|
||||
}
|
||||
}
|
||||
};
|
||||
|
||||
// enable tls if ssl key and cert are defined
|
||||
if (config.get('server.ssl.key') && config.get('server.ssl.cert')) {
|
||||
connectionOptions.tls = {
|
||||
key: fs.readFileSync(config.get('server.ssl.key')),
|
||||
cert: fs.readFileSync(config.get('server.ssl.cert')),
|
||||
// The default ciphers in node 0.12.x include insecure ciphers, so until
|
||||
// we enforce a more recent version of node, we craft our own list
|
||||
// @see https://github.com/nodejs/node/blob/master/src/node_constants.h#L8-L28
|
||||
ciphers: [
|
||||
'ECDHE-RSA-AES128-GCM-SHA256',
|
||||
'ECDHE-ECDSA-AES128-GCM-SHA256',
|
||||
'ECDHE-RSA-AES256-GCM-SHA384',
|
||||
'ECDHE-ECDSA-AES256-GCM-SHA384',
|
||||
'DHE-RSA-AES128-GCM-SHA256',
|
||||
'ECDHE-RSA-AES128-SHA256',
|
||||
'DHE-RSA-AES128-SHA256',
|
||||
'ECDHE-RSA-AES256-SHA384',
|
||||
'DHE-RSA-AES256-SHA384',
|
||||
'ECDHE-RSA-AES256-SHA256',
|
||||
'DHE-RSA-AES256-SHA256',
|
||||
'HIGH',
|
||||
'!aNULL',
|
||||
'!eNULL',
|
||||
'!EXPORT',
|
||||
'!DES',
|
||||
'!RC4',
|
||||
'!MD5',
|
||||
'!PSK',
|
||||
'!SRP',
|
||||
'!CAMELLIA'
|
||||
].join(':'),
|
||||
// We use the server's cipher order rather than the client's to prevent
|
||||
// the BEAST attack
|
||||
honorCipherOrder: true
|
||||
};
|
||||
}
|
||||
|
||||
server.connection(connectionOptions);
|
||||
await kbnServer.mixin(require('./setup_connection'));
|
||||
|
||||
// provide a simple way to expose static directories
|
||||
server.decorate('server', 'exposeStaticDir', function (routePath, dirPath) {
|
||||
|
|
|
|||
60
src/server/http/setup_connection.js
Normal file
60
src/server/http/setup_connection.js
Normal file
|
|
@ -0,0 +1,60 @@
|
|||
import fs from 'fs';
|
||||
|
||||
export default function (kbnServer, server, config) {
|
||||
// this mixin is used outside of the kbn server, so it MUST work without a full kbnServer object.
|
||||
kbnServer = null;
|
||||
|
||||
// Create a new connection
|
||||
var connectionOptions = {
|
||||
host: config.get('server.host'),
|
||||
port: config.get('server.port'),
|
||||
state: {
|
||||
strictHeader: false
|
||||
},
|
||||
routes: {
|
||||
cors: config.get('server.cors'),
|
||||
payload: {
|
||||
maxBytes: config.get('server.maxPayloadBytes')
|
||||
}
|
||||
}
|
||||
};
|
||||
|
||||
// enable tls if ssl key and cert are defined
|
||||
if (config.get('server.ssl.key') && config.get('server.ssl.cert')) {
|
||||
connectionOptions.tls = {
|
||||
key: fs.readFileSync(config.get('server.ssl.key')),
|
||||
cert: fs.readFileSync(config.get('server.ssl.cert')),
|
||||
// The default ciphers in node 0.12.x include insecure ciphers, so until
|
||||
// we enforce a more recent version of node, we craft our own list
|
||||
// @see https://github.com/nodejs/node/blob/master/src/node_constants.h#L8-L28
|
||||
ciphers: [
|
||||
'ECDHE-RSA-AES128-GCM-SHA256',
|
||||
'ECDHE-ECDSA-AES128-GCM-SHA256',
|
||||
'ECDHE-RSA-AES256-GCM-SHA384',
|
||||
'ECDHE-ECDSA-AES256-GCM-SHA384',
|
||||
'DHE-RSA-AES128-GCM-SHA256',
|
||||
'ECDHE-RSA-AES128-SHA256',
|
||||
'DHE-RSA-AES128-SHA256',
|
||||
'ECDHE-RSA-AES256-SHA384',
|
||||
'DHE-RSA-AES256-SHA384',
|
||||
'ECDHE-RSA-AES256-SHA256',
|
||||
'DHE-RSA-AES256-SHA256',
|
||||
'HIGH',
|
||||
'!aNULL',
|
||||
'!eNULL',
|
||||
'!EXPORT',
|
||||
'!DES',
|
||||
'!RC4',
|
||||
'!MD5',
|
||||
'!PSK',
|
||||
'!SRP',
|
||||
'!CAMELLIA'
|
||||
].join(':'),
|
||||
// We use the server's cipher order rather than the client's to prevent
|
||||
// the BEAST attack
|
||||
honorCipherOrder: true
|
||||
};
|
||||
}
|
||||
|
||||
server.connection(connectionOptions);
|
||||
}
|
||||
|
|
@ -2,6 +2,9 @@ let _ = require('lodash');
|
|||
let fromNode = require('bluebird').fromNode;
|
||||
|
||||
module.exports = function (kbnServer, server, config) {
|
||||
// prevent relying on kbnServer so this can be used with other hapi servers
|
||||
kbnServer = null;
|
||||
|
||||
return fromNode(function (cb) {
|
||||
let events = config.get('logging.events');
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue