-
Notifications
You must be signed in to change notification settings - Fork 8.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add server.publicBaseUrl
config
#85075
Conversation
Pinging @elastic/kibana-core (Team:Core) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I encountered an issue during my testing, see comment below.
In the PR description, I think it should be core.http.basePath.publicBaseUrl
instead of core.basePath.publicBaseUrl
?
I'm wondering if that's a technical limitation or an opinionated decision? I could see scenarios where Kibana is using a basePath, but behind a reverse proxy, and where the public url does not have the said basePath? |
I added this validation explicitly, so we should be able to do whatever we'd like here. My goal here is to make getting this config right as easy as possible (or for it to be obvious when it is wrong). The case you mentioned, I'm not too familiar with why someone would want to do that, but I do understand it is possible. Without any data to back up not supporting that, we should probably allow that deployment topology somehow. I see two options:
Given that we plan to add a client-side warning if the user accesses Kibana with a different option than what is configured in |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I finished my local testing for alerting's use case and it works for us 👍 thanks!
I'm honestly not sure this is even a real need, I was mostly asking. I'm even wondering if everything would work fine on the client-side with such configuration, as we are doing a lot of checks based on the |
You are correct, this actually doesn't work. I verified this with nginx to show the problem. It's very apparent with just the login redirect. Kibana will include the # nginx.conf
server {
listen 5610;
server_name mydomain;
location / {
proxy_pass http://127.0.0.1:5601/base-path;
}
} $ yarn start --server.basePath=/base-path $ curl mydomain:5610 -v
< HTTP/1.1 302 Found
< Server: nginx/1.19.3
< Date: Tue, 08 Dec 2020 17:30:39 GMT
< Content-Type: application/octet-stream
< Content-Length: 0
< Connection: keep-alive
< location: /base-path/login?next=%2Fbase-path%2F I'm going to opt for leaving the validation as-is then, which verified that |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
constructor(serverBasePath: string = '') { | ||
constructor(serverBasePath: string = '', publicBaseUrl?: string) { | ||
this.serverBasePath = serverBasePath; | ||
this.publicBaseUrl = publicBaseUrl; | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm wondering if the integrity check between basePath
and publicBaseUrl
's path should be done here instead of src/core/server/http/http_config.ts
. I guess by doing that in the config, we fail a little faster, but OTOH we can (programmatically) instantiate the service in an invalid state. Probably fine as it is right now.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think for consistency it's best we do validation in a single place. If we want to make HttpConfig
more robust, we should switch to a pattern where all validation is done in the constructor.
@@ -106,6 +108,17 @@ export const config = { | |||
if (!rawConfig.basePath && rawConfig.rewriteBasePath) { | |||
return 'cannot use [rewriteBasePath] when [basePath] is not specified'; | |||
} | |||
|
|||
if (rawConfig.publicBaseUrl) { | |||
const parsedUrl = url.parse(rawConfig.publicBaseUrl); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We don't need to try/catch the url.parse
call because we are using schema.uri
, right?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah I'm relying on config-schema/Joi here implicitly.
if (parsedUrl.path !== (rawConfig.basePath ?? '/')) { | ||
return `[publicBaseUrl] must contain the [basePath]: ${parsedUrl.path} !== ${rawConfig.basePath}`; | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Does url.parse('http://myhost.com:4').path === '/'
? I'm unsure, looking at the tests.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, the path is /
when there is no path in the input URL. I'll add a test to make this more clear / ensure it doesn't break
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actually I believe this covers this:
expect(() => httpSchema.validate({ publicBaseUrl: 'http://myhost.com' })).not.toThrow();
expect(() => httpSchema.validate({ publicBaseUrl: 'http://myhost.com/' })).not.toThrow();
💚 Build SucceededMetrics [docs]Distributable file count
Page load bundle
History
To update your PR or re-run it, just comment with: |
…k-field-to-hot-phase * 'master' of github.com:elastic/kibana: (429 commits) simplify popover open state logic (elastic#85379) [Logs UI][Metrics UI] Move actions to the kibana header (elastic#84648) [Search Source] Do not pick scripted fields if * provided (elastic#85133) [Search] Session SO polling (elastic#84225) [Transform] Replace legacy elasticsearch client (elastic#84932) [Uptime]Refactor header and action menu (elastic#83779) Fix agg select external link (elastic#85380) [ILM] Show forcemerge in hot when rollover is searchable snapshot is enabled (elastic#85292) clear using keyboard (elastic#85042) [GS] add tag and dashboard suggestion results (elastic#85144) [ML] API integration tests - skip GetAnomaliesTableData Add ECS field for event.code. (elastic#85109) [Functional][TSVB] Wait for markdown textarea to be cleaned (elastic#85128) skip flaky suite (elastic#62060) skip flaky suite (elastic#85098) Bump highlight.js to v9.18.5 (elastic#84296) Add `server.publicBaseUrl` config (elastic#85075) [Alerting & Actions ] More debug logging (elastic#85149) [Security Solution][Case] Manual attach alert to a case (elastic#82996) Loosen UUID regex to accept uuidv1 or uuidv4 (elastic#85338) ... # Conflicts: # x-pack/plugins/index_lifecycle_management/__jest__/client_integration/edit_policy/edit_policy.helpers.tsx # x-pack/plugins/index_lifecycle_management/public/application/sections/edit_policy/components/phases/hot_phase/hot_phase.tsx # x-pack/plugins/index_lifecycle_management/public/application/sections/edit_policy/components/phases/shared_fields/index.ts # x-pack/plugins/index_lifecycle_management/public/application/sections/edit_policy/components/phases/warm_phase/warm_phase.tsx # x-pack/plugins/index_lifecycle_management/public/application/sections/edit_policy/edit_policy.tsx # x-pack/plugins/index_lifecycle_management/public/application/sections/edit_policy/i18n_texts.ts # x-pack/plugins/index_lifecycle_management/server/routes/api/policies/register_create_route.ts
Summary
Fixes first part of #45815
This adds a new
server.publicBaseUrl
configuration option and exposes it to plugins via thecore.basePath.publicBaseUrl
on both the client and server sides.A couple of points for discussion:
Currently, this configuration option is not required and Core does not attempt to provide a default to plugins. This is intentional so that plugins may determine the best solution when the user has not explicitly configured this.
This configuration is currently validated in a way that ensures that the configured URL matches the
server.basePath
if configured. Alternatively, we could only require that the user configures the protocol, host, and port and we could automatically append the basePath to this URL. I couldn't decide which error state would be less confusing to the user:We could also try to be smart here and only append the basePath if no pathname is already present, but I prefer to keep things simple here to eliminate any confusion that could arise.
To be done in follow up PRs:
http://localhost:5601
Add "network.publish_host" style configuration in Kibana #45815 (comment)core.http.getServerInfo()
and determine if publicBaseUrl is more appropriate in those usages. Add "network.publish_host" style configuration in Kibana #45815 (comment)Checklist
Delete any items that are not applicable to this PR.
For maintainers