From 909e65b3e8525c101cbe0fcad85ada4b5c3e42eb Mon Sep 17 00:00:00 2001
From: Ry Biesemeyer
Date: Thu, 14 Oct 2021 06:07:00 +0000
Subject: [PATCH] api: when configured securely, bind to all available interfaces by default
---
 docs/static/settings-file.asciidoc | 1 +
 logstash-core/lib/logstash/webserver.rb | 9 ++++++++-
 2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/docs/static/settings-file.asciidoc b/docs/static/settings-file.asciidoc
index 724cfcdc092..7c3ac4434eb 100644
--- a/docs/static/settings-file.asciidoc
+++ b/docs/static/settings-file.asciidoc
@@ -246,6 +246,7 @@ Values other than `disabled` are currently considered BETA, and may produce unin
 | `api.http.host` | The bind address for the HTTP API endpoint. By default, the {ls} HTTP API binds only to the local loopback interface.
+ When configured securely (`api.ssl.enabled: true` and `api.auth.type: basic`), the HTTP API binds to _all_ available interfaces.
 | `"127.0.0.1"` | `api.http.port`
diff --git a/logstash-core/lib/logstash/webserver.rb b/logstash-core/lib/logstash/webserver.rb
index b17b2221340..d76f99daddf 100644
--- a/logstash-core/lib/logstash/webserver.rb
+++ b/logstash-core/lib/logstash/webserver.rb
@@ -33,7 +33,7 @@ class WebServer
 def self.from_settings(logger, agent, settings)
 options = {}
- options[:http_host] = settings.get('api.http.host')
+ options[:http_host] = settings.get('api.http.host') # may be overridden later if API configured securely
 options[:http_port] = settings.get('api.http.port')
 options[:http_environment] = settings.get('api.environment')
@@ -52,6 +52,13 @@ def self.from_settings(logger, agent, settings)
 options[:auth_basic] = auth_basic.freeze
 end
+ if !settings.set?('api.http.host')
+ if settings.get('api.ssl.enabled') && settings.get('api.auth.type') == 'basic'
+ logger.info("API configured securely with SSL and Basic Auth. Defaulting `api.http.host` to all available interfaces")
+ options[:http_host] = '0.0.0.0'
+ end
+ end
+
 new(logger, agent, options)
 end
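Review bot: The added block at the end of `from_settings` moves the listener from loopback to `'0.0.0.0'` as a side effect of enabling TLS and basic auth, and the only signal an operator gets is a single info-level line. Someone who sets `api.ssl.enabled` and `api.auth.type: basic` for a local-only API now gets a network-reachable endpoint guarded by whatever basic-auth password was configured; nothing visible in this hunk checks that password's strength. I would raise the call to `logger.warn` and extend the message to say that setting `api.http.host` explicitly restricts the bind address. `'0.0.0.0'` is also the IPv4 wildcard only, so "all available interfaces" in the log line and in the docs may overstate the result on hosts with IPv6 addresses. `from_settings` begins above this hunk, so the earlier SSL and auth handling was not reviewed here.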