Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allow Insecure HTTPS #2913

Merged
merged 7 commits into from
Oct 25, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 5 additions & 0 deletions config.yml.example
Original file line number Diff line number Diff line change
Expand Up @@ -54,6 +54,11 @@
#elasticsearch.ssl: true
#
#
## Whether to perform verification checks for server certificates using CA bundle.
kmitul marked this conversation as resolved.
Show resolved Hide resolved
## This option should be avoided in production.
#elasticsearch.verify_certs: true
#
#
## Path to a CA bundle, e.g. /path/to/ca.crt
#elasticsearch.ca_certs: null
#
Expand Down
1 change: 1 addition & 0 deletions connectors/config.py
Original file line number Diff line number Diff line change
Expand Up @@ -64,6 +64,7 @@ def _default_config():
"username": "elastic",
"password": "changeme",
"ssl": True,
"verify_certs": True,
"bulk": {
"queue_max_size": 1024,
"queue_max_mem_size": 25,
Expand Down
13 changes: 8 additions & 5 deletions connectors/es/client.py
Original file line number Diff line number Diff line change
Expand Up @@ -87,11 +87,14 @@ def __init__(self, config):
logger.debug(f"Connecting using Basic Auth (user: {config['username']})")

if config.get("ssl", False):
options["verify_certs"] = True
if "ca_certs" in config:
ca_certs = config["ca_certs"]
logger.debug(f"Verifying cert with {ca_certs}")
options["ca_certs"] = ca_certs
options["verify_certs"] = config.get("verify_certs", True)
kmitul marked this conversation as resolved.
Show resolved Hide resolved
if options["verify_certs"]:
if "ca_certs" in config:
ca_certs = config["ca_certs"]
logger.debug(f"Verifying cert with {ca_certs}")
options["ca_certs"] = ca_certs
else:
logger.debug("Verifying cert with system certificates")

level = config.get("log_level", "INFO").upper()
es_logger = logging.getLogger("elastic_transport.node")
Expand Down
16 changes: 11 additions & 5 deletions docs/DOCKER.md
Original file line number Diff line number Diff line change
Expand Up @@ -12,11 +12,12 @@ Please refer to the following Docker image registry to access and pull available

Follow these steps:

1. [Create network](#1-create-a-docker-network)
2. [Create directory](#2-create-a-directory-to-be-mounted-into-the-docker-image)
3. [Download config file](#3-download-sample-configuration-file-from-this-repository-into-newly-created-directory)
4. [Update config file](#4-update-the-configuration-file-for-your-self-managed-connectorhttpswwwelasticcoguideenenterprise-searchcurrentbuild-connectorhtmlbuild-connector-usage)
5. [Run the docker image](#5-run-the-docker-image)
- [Run Connector Service in Docker](#run-connector-service-in-docker)
- [1. Create a Docker network.](#1-create-a-docker-network)
- [2. Create a directory to be mounted into the Docker image.](#2-create-a-directory-to-be-mounted-into-the-docker-image)
- [3. Download sample configuration file from this repository into newly created directory.](#3-download-sample-configuration-file-from-this-repository-into-newly-created-directory)
- [4. Update the configuration file for your self-managed connector](#4-update-the-configuration-file-for-your-self-managed-connector)
- [5. Run the Docker image.](#5-run-the-docker-image)

## 1. Create a Docker network.

Expand Down Expand Up @@ -111,3 +112,8 @@ You might need to adjust some details here:
> ```
> elasticsearch.ca_certs: /usr/share/connectors/config/certs/ca/ca.crt
> ```
> 3. To avoid the certificate verification, configure `verify_certs` parameter which is `true` by default when SSL is enabled in connector service's `config.yml` as:
> ```
> elasticsearch.verify_certs: false
> ```
> Disclaimer: Setting `verify_certs` to `false` is not recommended in a production environment, as it may expose your application to security vulnerabilities.
Loading