Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: add elasticsearch ssl options #5499

Merged
merged 2 commits into from
Aug 6, 2022
Merged

feat: add elasticsearch ssl options #5499

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
9e9bada
feat: add elasticsearch ssl options
Hexaflexagon Jul 22, 2022
2a653fc
feat: add elasticsearch ssl options
Hexaflexagon Aug 6, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
19 changes: 14 additions & 5 deletions server/modules/search/elasticsearch/definition.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,28 +20,37 @@ props:
title: Host(s)
hint: Comma-separated list of Elasticsearch hosts to connect to, including the port, username and password if necessary. (e.g. http://localhost:9200, https://user:[email protected]:9200)
order: 2
verifyTLSCertificate:
title: Verify TLS Certificate
type: Boolean
default: true
order: 3
tlsCertPath:
title: TLS Certificate Path
type: String
hint: Absolute path to the TLS certificate on the server.
order: 4
indexName:
type: String
title: Index Name
hint: The index name to use during creation
default: wiki
order: 3
order: 5
analyzer:
type: String
title: Analyzer
hint: 'The token analyzer in elasticsearch'
default: simple
order: 4
order: 6
sniffOnStart:
type: Boolean
title: Sniff on start
hint: 'Should Wiki.js attempt to detect the rest of the cluster on first connect? (Default: off)'
default: false
order: 5
order: 7
sniffInterval:
type: Number
title: Sniff Interval
hint: '0 = disabled, Interval in seconds to check for updated list of nodes in cluster. (Default: 0)'
default: 0
order: 6

order: 8
21 changes: 21 additions & 0 deletions server/modules/search/elasticsearch/engine.js
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
const _ = require('lodash')
const stream = require('stream')
const Promise = require('bluebird')
const fs = require('fs')
const pipeline = Promise.promisify(stream.pipeline)

/* global WIKI */
Expand All @@ -24,6 +25,7 @@ module.exports = {
nodes: this.config.hosts.split(',').map(_.trim),
sniffOnStart: this.config.sniffOnStart,
sniffInterval: (this.config.sniffInterval > 0) ? this.config.sniffInterval : false,
ssl: getTlsOptions(this.config),
name: 'wiki-js'
})
break
Expand All @@ -33,6 +35,7 @@ module.exports = {
nodes: this.config.hosts.split(',').map(_.trim),
sniffOnStart: this.config.sniffOnStart,
sniffInterval: (this.config.sniffInterval > 0) ? this.config.sniffInterval : false,
ssl: getTlsOptions(this.config),
name: 'wiki-js'
})
break
Expand Down Expand Up @@ -351,3 +354,21 @@ module.exports = {
WIKI.logger.info(`(SEARCH/ELASTICSEARCH) Index rebuilt successfully.`)
}
}

function getTlsOptions(conf) {
if (!conf.tlsCertPath) {
return {
rejectUnauthorized: conf.verifyTLSCertificate,
}
}

const caList = []
if (conf.verifyTLSCertificate) {
caList.push(fs.readFileSync(conf.tlsCertPath))
}

return {
rejectUnauthorized: conf.verifyTLSCertificate,
ca: caList
}
}