elasticsearch-HQ
elasticsearch-HQ copied to clipboard
ElasticHQ
reverseproxy apache
Hello,
Thank you for your greatful and beautiful application. A little bit complicated to install in enterprise environment on Redhat without internet but done finally. I want put this behind an apache with reverseproxy to access it throught url like http://myurl/elastichq/
I set my reverseproxy but elastichq redirect to http://myurl/ css etc... so it can work. (http://myurl)/static/main.5d03e2f58bd527e3e003.js?5d03e2f58bd527e3e003 ». Basically on kibana for example, we can specify the subpath to match with reverseproxy.
my reverseproxy conf ProxyPass /elastichq http://server:5600/ ProxyPassReverse /elastichq http://server:5600/
I'm launching elastichq with /bin/python36 /bin/gunicorn --daemon --chdir /mycloud/apps/hqelastic/prod -w 1 -b :5600 --worker-class eventlet application:application
Thank you for your help.
The port and host are already set so no. We need to be able to set a "prepath" of the url. You can check kibana about this functionality
Enables you to specify a path to mount Kibana at if you are running behind a proxy. This only affects
the URLs generated by Kibana, your proxy is expected to remove the basePath value before forwarding requests
to Kibana. This setting cannot end in a slash.
server.basePath: "/kibana"
I'll take a look and see if I can get something configured with NGINX (http://www.patricksoftwareblog.com/how-to-configure-nginx-for-a-flask-web-application/)
Re: RHEL install - We have an image on dockerhub. May be easier to install next time.
Take care because apache and nginx are not really the same but the basic of reverseproxy is the same result. I can't do Docker in my enterprise. A personnal choice of enterprise which do not delegate admin rights etC... to application services (big enterprise...)
If I recall correctly, as long as the elasticsearchHQ does not use absolute redirect paths it will take the current address in the browser which would make it work with a reverse proxy even if it has a complete set of folders before it, this would allow you to have http://mysite/kibana and http://mysite/elasticHQ and http://mysite/elasticsearch even when each of those are at 342.351.34.314 and using a different port (5601, 9200, 5000) each on / directory each.
The only problem I encountered is that the Metrics tab will try to connect to /socket.io/ but otherwise everything else seems to work with the default configuration for the apache reverse proxy you are showing here with just one small change:
ProxyPass /elastichq http://server:5600/
ProxyPassReverse /elastichq http://server:5600/
if you do not add the slash in the directory it will try to go to root and be unable to load the static folder. but if you go to "http://server/elastichq/" it will load the static folders. Again, as I said it won't load the metrics part because it seems the socket.io is hardcoded. I did try to add:
ProxyPreserveHost On
# WebSocket IO configuration
RewriteEngine On
RewriteCond %{HTTP:Upgrade} =websocket [NC]
RewriteRule /(.*) ws://server:5600//$1 [P,L]
RewriteCond %{HTTP:Upgrade} !=websocket [NC]
RewriteRule /(.*) http://server:5600//$1 [P,L]
But it won't take it because there is a restriction, you need to add a header that reads Access-Control-Allow Origin. If you do not have this the websocket connection will never validate its source and data will not be displayed. Everyting else works.
Notice that you need the following Apache mods enabled:
mod_rewrite
mod_proxy
mod_proxy_wstunnel
mod_proxy_http
And that only Apache web server 2.4.x supports this configuration.
Trying to get this to work based on kryztoval's comments I ran into the Metrics tab generating a bunch of 405 Method not allowed return codes for POST methods to /socket.io/ . I dug into the Access-Control-Allow-Origin header as mentioned but I'm starting to think it might be something else. I found some other comments about Proxying websockets with Apache and eventually tried this:
RewriteCond %{QUERY_STRING} transport=polling
RewriteRule /(.*)$ http://localhost:5000/$1 [P]
ProxyRequests off
ProxyPass /socket.io/ ws://localhost:5000/socket.io/
ProxyPassReverse /socket.io/ ws://localhost:5000/socket.io/
Based on a comment here that rewriting to the ws protocol doesn't seem to work:
https://github.com/socketio/socket.io/issues/1696#issuecomment-63299992
The 405's are gone and replaced with 200 for the socket.io requests but the charts still aren't rendering. I'm admittedly in over my head but would really like to make this work through Apache. If anyone has any thoughts I'm willing to test things out.
I never got a 405 with my configuration, I did see the same you are seeing, charts not rendering but 200 being sent all over the place. you did basically the same, transport=polling is always sent in an HTTP:Upgrade=websocket packet, but I am also filtering what needs to go over http and what needs to go to websockets. I have not been able to go around it though. I will retry later this month.
@kryztoval Using your explanation above, were you able to get this working with web sockets and apache?
I'm still in the middle of trying to get it to work the way I want. The websockets do work and the charts populate if the RewriteRule is applied to the entire site, but then I can't navigate to https://hostname/app/kibana as everything is redirected from the root of the site to elastichq. I have been unable to figure out the RewriteRule to get the site to function correctly under an elastichq location.
Ok.. so it sounds like it does work for @5tevebaker except trying to route kibana and HQ thru the same proxy.
metrics module not working with ProxyPassReverse
I have configured docker build using ProxyPassReverse from apache2. I can able to see all other dashbaord except metrics module,
ProxyPass /elastichq/ http://localhost:5000/
ProxyPassReverse /elastichq/(.*) http://localhost:5000/elastichq/(.*)
RewriteEngine On
RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
RewriteCond %{HTTP:CONNECTION} ^Upgrade$ [NC]
RewriteRule .* ws://localhost:5000/elastichq%{REQUEST_URI} [P]
advanced thank you, any suggestion to configure websocket in apache2 for elastichq
@kryztoval Using your explanation above, were you able to get this working with web sockets and apache?
No, web sockets did not work for me.
@kryztoval Using your explanation above, were you able to get this working with web sockets and apache?
No, web sockets did not work for me.
It is not working for me, Is there any other approach?
Maybe someone with better knowledge than I can read through this https://www.reddit.com/r/flask/comments/98xhw2/flasksocketio_through_gunicorn_and_redis_as_a/
The author seems to imply Apache is not supported, but looks like the OP got it working.