documentation-website icon indicating copy to clipboard operation
documentation-website copied to clipboard

Published 20 hours ago verified publisher icon opensearch-project

[DOC]: Clarify self-signed certs in security config

Open Franz-Ritter opened this issue 1 year ago • 1 comments

What do you want to do?

  • [ x] Request a change to existing documentation
  • [ ] Add new documentation
  • [ ] Report a technical problem with the documentation
  • [ ] Other

Tell us about your request. Provide a summary of the request and all versions that are affected.

I tried to enable https by creating a self signed certificate as described in https://opensearch.org/docs/latest/security/configuration/generate-certificates/ However, after I configured by docker-compose to use the certificates and the properties described on this page, my dashboard node reponde with the errors:

{"type":"log","@timestamp":"20xx-xx-xxTxx:xx:xxZ","tags":["error","opensearch","data"],"pid":1,"message":"[ConnectionError]: self signed certificate"}

After comparing the default configuration file opensearch_dashboards.yml on the image from opensearchproject/opensearch-dashboards I realized that the confi has the property server.host: '0.0.0.0' defined, which was missing in the example on this page. Ading this information solved my problem. Therefore, I would suggest to add this property to the documentation

What other resources are available? Provide links to related issues, POCs, steps for testing, etc.

Franz-Ritter avatar Apr 27 '23 13:04 Franz-Ritter

@Franz-Ritter Thanks for raising this issue. It clearly needs some attention. Could you give me a little more detail about these items:

  1. Just for clarification: You found the server.host setting in opensearch_dashboards.yml from your image set to 0.0.0.0. And when you changed the setting value to match the same in the example opensearch_dashboards.yml file in the opensearchproject/opensearch-dashboards repo (which uses the value "localhost"), you got no error and were able to connect. Is that correct? (or the other way around: you changed the localhost value to 0.0.0.0 in your opensearch_dashboards.yml file?)
  2. Are you certain the error is directly related to an implementation using the self-signed certificates? Did you try connect with the demo certificates (without getting an error)?
  3. Is there a specific step/point in the current Generating self-signed certificates documentation where this new understanding about the server.host setting value would have helped avoid the original problem? Again, much appreciation for raising the issue.

cwillum avatar May 08 '23 20:05 cwillum

@hdhalter I'll take this one

AntonEliatra avatar May 13 '24 17:05 AntonEliatra

Thanks, @AntonEliatra ! @scrawfor99 - can you please sign off for technical accuracy? https://github.com/opensearch-project/documentation-website/pull/7134

hdhalter avatar May 13 '24 19:05 hdhalter