forked from fangli/kibana-authentication-proxy
-
Notifications
You must be signed in to change notification settings - Fork 0
/
config.js
124 lines (107 loc) · 5.41 KB
/
config.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
module.exports = {
////////////////////////////////////
// ElasticSearch Backend Settings
////////////////////////////////////
"es_host": "localhost", // The host of Elastic Search
"es_port": 9200, // The port of Elastic Search
"es_using_ssl": false, // If the ES is using SSL(https)?
"es_username": "", // The basic authentication user of ES server, leave it blank if no basic auth applied
"es_password": "", // The password of basic authentication of ES server, leave it blank if no basic auth applied.
"base_path": "/kibana",
////////////////////////////////////
// Proxy server configurations
////////////////////////////////////
// Which port listen to
"listen_port": 9201,
// Control HTTP max-Age header. Whether the browser cache static kibana files or not?
// 0 for no-cache, unit in millisecond, default to 0
// We strongly recommand you set to a larger number such as 2592000000(a month) to get a better loading speed
"brower_cache_maxage": 0,
// Enable SSL protocol
"enable_ssl_port": false,
// The following settings are valid only when enable_ssl_port is true
"listen_port_ssl": 4443,
// Use absolute path for the key file
"ssl_key_file": "POINT_TO_YOUR_SSL_KEY",
// Use absolute path for the certification file
"ssl_cert_file": "POINT_TO_YOUR_SSL_CERT",
// The ES index for saving kibana dashboards
// default to "kibana-int"
// With the default configuration, all users will use the same index for kibana dashboards settings,
// But we support using different kibana settings for each user.
// If you want to use different kibana indices for individual users, use %user% instead of the real username
// Since we support multiple authentication types(google, cas or basic), you must decide which one you gonna use.
// Bad English:D
// For example:
// Config "kibana_es_index": "kibana-int-for-%user%", "which_auth_type_for_kibana_index": "basic"
// will use kibana index settings like "kibana-int-for-demo1", "kibana-int-for-demo2" for user demo1 and demo2.
// in this case, if you enabled both Google Oauth2 and BasicAuth, and the username of BasicAuth is the boss.
"kibana_es_index": "kibana-int", // "kibana-int-%user%"
"which_auth_type_for_kibana_index": "cas", // google, cas or basic
////////////////////////////////////
// Security Configurations
////////////////////////////////////
// Cookies secret
// Please change the following secret randomly for security.
"cookie_secret": "REPLACE_WITH_A_RANDOM_STRING_PLEASE",
////////////////////////////////////
// Kibana3 Authentication Settings
// Currently we support 3 different auth methods: Google OAuth2, Basic Auth and CAS SSO.
// You can use one of them or both
////////////////////////////////////
// =================================
// Google OAuth2 settings
// Enable? true or false
// When set to false, google OAuth will not be applied.
"enable_google_oauth": false,
// We use the following redirect URI:
// http://YOUR-KIBANA-SITE:[listen_port]/auth/google/callback
// Please add it in the google developers console first.
// The client ID of Google OAuth2
"client_id": "",
"client_secret": "", // The client secret of Google OAuth2
"allowed_emails": ["*"], // An emails list for the authorized users
// =================================
// Basic Authentication Settings
// The following config is different from the previous basic auth settings.
// It will be applied on the client who access kibana3.
// Enable? true or false
"enable_basic_auth": false,
// If basic_auth_file is specified and exists, the user password combinations
// are read from the named file and overrule the here defined settings from
// array basic_auth_users.
// File format is one combination per line split by first appearing colon
// e.g.
// user1:password1
// user2:password2
"basic_auth_file": "",
// Multiple user/passwd supported
// The User&Passwd list for basic auth
"basic_auth_users": [
{"user": "demo1", "password": "pwd1"},
{"user": "demo1", "password": "pwd2"},
],
// =================================
// CAS SSO Login
// Enable? true or false
"enable_cas_auth": false,
// Point to the CAS authentication URL
"cas_server_url": "https://point-to-the-cas-server/cas",
// CAS protocol version, one of 1.0 or 2.0
"cas_protocol_version": 1.0,
// =================================
// IndexFilter
// if defined links to a flatfile in user:regex\n notation with regex applied to wished elasticsearch indizes
// for example:
// userA:^logstash-product-.+
// userB:^logstash-.+
//
// which translates to userA being allowed to access only indizes which start with logstash-product- and userB
// to be allowed to see everything which starts with logstash-
// "index_filter_file": "/point-to-your-index-filter-file/index.filter",
// =================================
// IndexTrigger
// if defined is a regex which determines (most time the prefix) for which index filtering will be applied
// this is to allow generix indizes (like /_nodes or /kibana-int-username) to pass through unfiltered
// "index_filter_trigger": '^logstash-',
};