-
Notifications
You must be signed in to change notification settings - Fork 158
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support httpsProxy in OpenSearch Dashboards for OIDC support #911
Comments
@sastorsl Please check the following steps to set up Proxy server for OpenSearch Dashboard using OIDC authentication type. Environments Used:
Configuration:1. Install and Config Proxy Server (Nginx Proxy):
2. OpenSearch Dashboard Configuration
3. IDP Configuration (IDP: Okta)
|
Sorry for not responding earlier. We are doing something like this how, only using an A good solution would be that OpenSearch Dashboards supported proxy directly. |
Hello, Some news about the support of these settings ? Thanks |
Dear, Have also issue when configuring alert to slack channel. Opensearch Dashboard is ignoring system proxy. |
If you are behind a proxy you need to add below configs to your “/etc/opensearch/jvm.options” file -Dhttp.proxyHost=proxy.example.com notifications works. |
This will apply to OpenSearch proper, but not to OpenSearch Dashboard which the |
I really need this |
@DavidoRotho This PR was merged recently and will be released in 2.12 in January. #1650 Would this PR solve the issue? |
https://github.com/opensearch-project/security-dashboards-plugin/blob/main/server/auth/types/openid/routes.ts#L90 - Again, this is for when OpenSearch Dashboards is installed with no direct internet access, but has to go through a explicitly defined proxy server. opensearch-dashboards --> https_proxy --> OIDC-provider There are quite a few issues regarding this floating around, such as nodejs/node#8381 Different software, browsers, etc., have various options for how you configure this as an environment variable http_proxy=<proxy-host>
https_proxy=<proxy-host>
HTTP_PROXY=<proxy-host>
HTTPS_PROXY=<proxy-host>
http.proxyHost=<proxy-host> # java |
@sastorsl we are hitting this issue as well. The above solution that was posted by @aoguan1990 is unclear to me. What is your current work around to allow OIDC to reach out to login.microsoftonline.com when a https_proxy like squid is required ? |
+1 we have the same problem here |
WORKAROUND:
See i.e. fluxcd/source-controller#131 (comment) for a similar discussion. |
+1 we have the same problem here |
To have proxy support this code https://github.com/opensearch-project/security-dashboards-plugin/blob/2.14.0.0/server/auth/types/openid/openid_auth.ts#L179-L190 should you ProxyAgent instead of HTTP.Agent or HTTPs.Agent |
Resolves: opensearch-project#911 Signed-off-by: manuelraa <kontakt@manuel-rapp.de>
Resolves: opensearch-project#911 Signed-off-by: manuelraa <kontakt@manuel-rapp.de>
Resolves: opensearch-project#911 Signed-off-by: manuelraa <kontakt@manuel-rapp.de>
Resolves: opensearch-project#911 Signed-off-by: manuelraa <kontakt@manuel-rapp.de>
* feat: http proxy support for oidc Resolves: #911 Signed-off-by: manuelraa <kontakt@manuel-rapp.de> * chore: reduce code duplication for agent configuration Signed-off-by: Manuelraa <kontakt@manuel-rapp.de> --------- Signed-off-by: manuelraa <kontakt@manuel-rapp.de> Signed-off-by: Manuelraa <kontakt@manuel-rapp.de> (cherry picked from commit fe847af)
* feat: http proxy support for oidc Resolves: #911 Signed-off-by: manuelraa <kontakt@manuel-rapp.de> * chore: reduce code duplication for agent configuration Signed-off-by: Manuelraa <kontakt@manuel-rapp.de> --------- Signed-off-by: manuelraa <kontakt@manuel-rapp.de> Signed-off-by: Manuelraa <kontakt@manuel-rapp.de> (cherry picked from commit fe847af) Co-authored-by: Manuelraa <manuel@bloodycrystals.de>
Is your feature request related to a problem? Please describe.
When configuring OIDC OpenSearch Dashboards needs to connect with https to our outside OIDC / OpenID Connect provider.
When / if OpenSearch Dashboards is installed in a closed environment all outside / internet connection has to go through an httpsProxy / SOCKS proxy.
Pr now I have not found / not found documentation to support setting httpsProxy parameters for OpenSearch Dashboards.
Describe the solution you'd like
Add support for setting httpsProxy / httpProxy for OpenSearch Dashboards.
Documentation for the same.
Describe alternatives you've considered
The current workaround we are using are local proxying with netcat + host aliases. Not a very nice sollution, but "works".
Additional context
N/A
The text was updated successfully, but these errors were encountered: