-
Notifications
You must be signed in to change notification settings - Fork 8.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Ingest Manager] Kibana does not take into account proxy for package download #70710
Comments
Pinging @elastic/ingest-management (Feature:EPM) |
working in the banking industry. There is no chance of allowing direct connections from Kibana to the web. Please fix this |
@kkh-security-distractions Can you share a bit more details on what the requirements for your environment are? Does it just need to go through a proxy or does it need to run inside your environment? The more details the better. |
I think the basics are they want the kibana server process to talk to the package registry via a proxy server ( they have set this in their container env) I can see a change to add proxy support for alerting actions here ( however im guessing this will just be actions right now) |
Hello, Yes we need to through a proxy server for every external HTTP requests. I use environnement proxy variables in my container, I wish them to be used for the artifacts download. It can also be a specific parameter in the Kibana configuration file, it does not matter. Without the ability to use a proxy server, I think many companies like bank (I am in telecom) will not be able to use those nice features of Ingest Manager. I hope I have been cleared, fell free to ask if I wasn't. |
I have two different scenarios:
|
I can confirm this is an issue with Kibana installed on Windows Server 2012 R2. We have a production environment where all 80/443 traffic must go through a web proxy. I've run into this problem with a variety of the Elastic Stack applications. It's very surprising that, for an enterprise targeted application, this isn't something that is baked into the advanced settings page or at the very least, a setting in the app config file. |
I see there is the property xpack.ingestManager.registryUrl used to specify a different registryUrl. Is there a documented way to have a local registryUrl, and in what this should be different from the default one? How to enroll packages into the registry? |
I wonder if we could use that URL with a proxy pass or similar in Apache+NGINX to then redirect out to the net |
I thought about that, like a man in the middle attack, with a proxy forwarder. I did not had the time to try also this is https, problem with certificate can occur with https. |
we will try the same. |
Hi, Is this issue resolved yet? |
@akshat5195 No, the issue is still open. We will close it when it is completed. |
Do we have any ETA? It will be in the same release (7.9.1) |
We have now an open PR to add proxy support here: #78648 Would be great if some contributors on this issue could have a look at the PR to see if that solves their current issue. |
@ruflin I was unable to find the artifact in the referenced pull request. Is there a location where I can download it? I only found the Typescript files in the PR and I seem to need the transpiled Javascript files |
@wolframhaussig Until the PR merges, you'll have to checkout the PR branch, then build Kibana locally and After it merges (and some build/publish delay) I believe it'll be available as a SNAPSHOT image on https://artifacts-api.elastic.co/v1/search/8.0-SNAPSHOT/kibana |
…ing Registry (#78648) ## Summary If given a `xpack.fleet.registryProxyUrl` setting, Package Manager will use it when contacting the Registry. This only affects the outbound connection Package Manager makes to the Registry to search for available packages, download assets, etc. ### Configuration <details><summary><strike>Initial PR: common environment variables</strike></summary> <p>Currently the value must come from a <a href="https://github.com/Rob--W/proxy-from-env#environment-variables">list of popular environment variables</a> which include <code>ALL_PROXY</code>, <code>HTTPS_PROXY</code>, lowercase versions of those, and many more.</p> <p>Start kibana with a proxy set in an environment variable like: <code>HTTPS_PROXY=https://localhost:8443 yarn start</code></p> </details> _update_ based on discussion in the comments, the initial environment variables approach was removed in favor of `xpack.ingestManager.registryProxyUrl` #### see #78968 for additional configuration coming later ### Checklist - [ ] ~~[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials.~~ Created #78961 to track - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios Created #78968 to track the additional configuration work refs #70710
…ing Registry (#78648) (#79758) ## Summary If given a `xpack.fleet.registryProxyUrl` setting, Package Manager will use it when contacting the Registry. This only affects the outbound connection Package Manager makes to the Registry to search for available packages, download assets, etc. ### Configuration <details><summary><strike>Initial PR: common environment variables</strike></summary> <p>Currently the value must come from a <a href="https://github.com/Rob--W/proxy-from-env#environment-variables">list of popular environment variables</a> which include <code>ALL_PROXY</code>, <code>HTTPS_PROXY</code>, lowercase versions of those, and many more.</p> <p>Start kibana with a proxy set in an environment variable like: <code>HTTPS_PROXY=https://localhost:8443 yarn start</code></p> </details> _update_ based on discussion in the comments, the initial environment variables approach was removed in favor of `xpack.ingestManager.registryProxyUrl` #### see #78968 for additional configuration coming later ### Checklist - [ ] ~~[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials.~~ Created #78961 to track - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios Created #78968 to track the additional configuration work refs #70710
Kibana version:
7.8.0
Elasticsearch version:
7.8.0
Original install method (e.g. download page, yum, from source, etc.):
I used ECK 1.1.2
Describe the bug:
Kibana server with ingest manager enable won't take into account proxy environment variable for package download.
Steps to reproduce:
1.
config :
Add proxy env variable
Start kibana.
Expected behavior:
Kibana starting with ingest manager enable.
Errors in browser console (if relevant):
Provide logs and/or server output (if relevant):
Kibana server logs:
Any additional context:
I deployed this kibana instance in a network environment who does not allow internet connection without proxy settings.
I tried the url with curl and the proxy and it works.
Thanks in advance.
The text was updated successfully, but these errors were encountered: