fluent-plugin-aws-elasticsearch-service icon indicating copy to clipboard operation
fluent-plugin-aws-elasticsearch-service copied to clipboard

Published 20 hours ago verified publisher icon atomita

Ignore certificate host mismatch?

Open marksawersw opened this issue 7 years ago • 4 comments

Hello. Does the plugin have the capability to ignore a host mismatch in the X.500 cert?

I have different elasticsearch domains for dev and prod. I'd like to have one fluentd conf (actually a docker image) that works in both dev and prod. I'd like to set the endpoint url to a domain name that we can vary in each environment, for example in different DNS zones, or pass in as an --add-host or Environment property to the container.

I tried using a domain (shown below as es.mydomain.com) in the endpoint url, but I'm seeing the following error:

2017-11-06 21:22:27 +0000 [warn]: #0 failed to flush the buffer. retry_time=4 next_retry_seconds=2017-11-06 21:22:27 +0000 chunk="55d570c043428d9eb6051e904e4ab690" error_class=Faraday::SSLError error="hostname \"es.mydomain.com\" does not match the server certificate (OpenSSL::SSL::SSLError)

Any suggestions to ignore the mismatch? Or are there alternate patterns for image portability?

Thanks! Mark

marksawersw avatar Nov 06 '17 21:11 marksawersw

+1

Tiny-wlx avatar May 09 '18 02:05 Tiny-wlx

Could you add ssl_verify false, which is originated from original ES plguin, into your configuration?

cosmo0920 avatar Feb 04 '19 06:02 cosmo0920

Or, I'm sending the PR to support verify_hostname option: https://github.com/lostisland/faraday/pull/1172 But the PR is not merged yet.

cosmo0920 avatar Aug 24 '20 04:08 cosmo0920