cerebro
cerebro copied to clipboard
lmenezes
support elasticsearch on https ?
Hi,
i have es which is running on ssl. normally we use key and cert to connect from outside.
can cerebro support this ?
@atomwangnus To support this you have to installe a service in front of cerebro who can take care of this like a really simple apache that redirect to a virtualhost in his config file. That's the simplest solution for me.
Or you can add a HAProxy in front, if you configure it, it will behave exactly as apache but it's a bit overkill just to setup this
@atomwangnus To support this you have to installe a service in front of cerebro who can take care of this like a really simple apache that redirect to a virtualhost in his config file. That's the simplest solution for me.
Or you can add a HAProxy in front, if you configure it, it will behave exactly as apache but it's a bit overkill just to setup this
are you understanding the question correctly? he's asking about cerebro connecting to ES, but ES is the one protected w/ ssl...
i have the same question
For heads up:
Cerebro does not work when xpack.security.http.ssl.enabled is set to true.
It gives "403" (forbidden) error.
Cerebro does not give username/password prompt... no matter if CA is set or Cert validation is disabled:
/opt/cerebro/conf/application.conf:
...
play.ws.ssl {
trustManager = {
stores = [
{ type = "PEM", path = "/etc/cerebro/elasticsearch-ca.pem" }
]
}
}
# Disabling certificate validation
#play.ws.ssl.loose.acceptAnyCertificate=true
The only way to make this work is to use the list of known hosts with the specified creds:
# A list of known hosts
hosts = [
{
host = "https://es-cluster-01:9200"
name = "ES Cluster"
auth = {
username = "elastic"
password = "REDACTED"
}
}
]
https://github.com/lmenezes/cerebro/issues/473#issuecomment-1190027252
