Add server.publicBaseUrl config
#85075
Conversation
joshdover
added
Team:Core
|
Pinging @elastic/kibana-core (Team:Core) |
I'm wondering if that's a technical limitation or an opinionated decision? I could see scenarios where Kibana is using a basePath, but behind a reverse proxy, and where the public url does not have the said basePath? |
I added this validation explicitly, so we should be able to do whatever we'd like here. My goal here is to make getting this config right as easy as possible (or for it to be obvious when it is wrong). The case you mentioned, I'm not too familiar with why someone would want to do that, but I do understand it is possible. Without any data to back up not supporting that, we should probably allow that deployment topology somehow. I see two options:
Given that we plan to add a client-side warning if the user accesses Kibana with a different option than what is configured in |
I'm honestly not sure this is even a real need, I was mostly asking. I'm even wondering if everything would work fine on the client-side with such configuration, as we are doing a lot of checks based on the |
You are correct, this actually doesn't work. I verified this with nginx to show the problem. It's very apparent with just the login redirect. Kibana will include the # nginx.conf
server {
listen 5610;
server_name mydomain;
location / {
proxy_pass http://127.0.0.1:5601/base-path;
}
}$ yarn start --server.basePath=/base-path$ curl mydomain:5610 -v
< HTTP/1.1 302 Found
< Server: nginx/1.19.3
< Date: Tue, 08 Dec 2020 17:30:39 GMT
< Content-Type: application/octet-stream
< Content-Length: 0
< Connection: keep-alive
< location: /base-path/login?next=%2Fbase-path%2FI'm going to opt for leaving the validation as-is then, which verified that |
| constructor(serverBasePath: string = '') { | ||
| constructor(serverBasePath: string = '', publicBaseUrl?: string) { | ||
| this.serverBasePath = serverBasePath; | ||
| this.publicBaseUrl = publicBaseUrl; | ||
| } |
There was a problem hiding this comment.
I'm wondering if the integrity check between basePath and publicBaseUrl's path should be done here instead of src/core/server/http/http_config.ts. I guess by doing that in the config, we fail a little faster, but OTOH we can (programmatically) instantiate the service in an invalid state. Probably fine as it is right now.
There was a problem hiding this comment.
I think for consistency it's best we do validation in a single place. If we want to make HttpConfig more robust, we should switch to a pattern where all validation is done in the constructor.
| @@ -106,6 +108,17 @@ export const config = { | |||
| if (!rawConfig.basePath && rawConfig.rewriteBasePath) { | |||
| return 'cannot use [rewriteBasePath] when [basePath] is not specified'; | |||
| } | |||
|
|
|||
| if (rawConfig.publicBaseUrl) { | |||
| const parsedUrl = url.parse(rawConfig.publicBaseUrl); | |||
There was a problem hiding this comment.
We don't need to try/catch the url.parse call because we are using schema.uri, right?
There was a problem hiding this comment.
Yeah I'm relying on config-schema/Joi here implicitly.
| if (parsedUrl.path !== (rawConfig.basePath ?? '/')) { | ||
| return `[publicBaseUrl] must contain the [basePath]: ${parsedUrl.path} !== ${rawConfig.basePath}`; | ||
| } |
There was a problem hiding this comment.
Does url.parse('http://myhost.com:4').path === '/'? I'm unsure, looking at the tests.
There was a problem hiding this comment.
Yes, the path is / when there is no path in the input URL. I'll add a test to make this more clear / ensure it doesn't break
There was a problem hiding this comment.
Actually I believe this covers this:
expect(() => httpSchema.validate({ publicBaseUrl: 'http://myhost.com' })).not.toThrow();
expect(() => httpSchema.validate({ publicBaseUrl: 'http://myhost.com/' })).not.toThrow();
💚 Build SucceededMetrics [docs]Distributable file count
Page load bundle
History
To update your PR or re-run it, just comment with: |
…k-field-to-hot-phase * 'master' of github.com:elastic/kibana: (429 commits) simplify popover open state logic (elastic#85379) [Logs UI][Metrics UI] Move actions to the kibana header (elastic#84648) [Search Source] Do not pick scripted fields if * provided (elastic#85133) [Search] Session SO polling (elastic#84225) [Transform] Replace legacy elasticsearch client (elastic#84932) [Uptime]Refactor header and action menu (elastic#83779) Fix agg select external link (elastic#85380) [ILM] Show forcemerge in hot when rollover is searchable snapshot is enabled (elastic#85292) clear using keyboard (elastic#85042) [GS] add tag and dashboard suggestion results (elastic#85144) [ML] API integration tests - skip GetAnomaliesTableData Add ECS field for event.code. (elastic#85109) [Functional][TSVB] Wait for markdown textarea to be cleaned (elastic#85128) skip flaky suite (elastic#62060) skip flaky suite (elastic#85098) Bump highlight.js to v9.18.5 (elastic#84296) Add `server.publicBaseUrl` config (elastic#85075) [Alerting & Actions ] More debug logging (elastic#85149) [Security Solution][Case] Manual attach alert to a case (elastic#82996) Loosen UUID regex to accept uuidv1 or uuidv4 (elastic#85338) ... # Conflicts: # x-pack/plugins/index_lifecycle_management/__jest__/client_integration/edit_policy/edit_policy.helpers.tsx # x-pack/plugins/index_lifecycle_management/public/application/sections/edit_policy/components/phases/hot_phase/hot_phase.tsx # x-pack/plugins/index_lifecycle_management/public/application/sections/edit_policy/components/phases/shared_fields/index.ts # x-pack/plugins/index_lifecycle_management/public/application/sections/edit_policy/components/phases/warm_phase/warm_phase.tsx # x-pack/plugins/index_lifecycle_management/public/application/sections/edit_policy/edit_policy.tsx # x-pack/plugins/index_lifecycle_management/public/application/sections/edit_policy/i18n_texts.ts # x-pack/plugins/index_lifecycle_management/server/routes/api/policies/register_create_route.ts
Summary
Fixes first part of #45815
This adds a new
server.publicBaseUrlconfiguration option and exposes it to plugins via thecore.basePath.publicBaseUrlon both the client and server sides.A couple of points for discussion:
Currently, this configuration option is not required and Core does not attempt to provide a default to plugins. This is intentional so that plugins may determine the best solution when the user has not explicitly configured this.
This configuration is currently validated in a way that ensures that the configured URL matches the
server.basePathif configured. Alternatively, we could only require that the user configures the protocol, host, and port and we could automatically append the basePath to this URL. I couldn't decide which error state would be less confusing to the user:We could also try to be smart here and only append the basePath if no pathname is already present, but I prefer to keep things simple here to eliminate any confusion that could arise.
To be done in follow up PRs:
http://localhost:5601Add "network.publish_host" style configuration in Kibana #45815 (comment)core.http.getServerInfo()and determine if publicBaseUrl is more appropriate in those usages. Add "network.publish_host" style configuration in Kibana #45815 (comment)Checklist
Delete any items that are not applicable to this PR.
For maintainers