maxmustermann/kibana
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

[actions] update doc on customHostSettings config (#101768) (#114351)

Browse source 
Improved the doc on the Kibana config for actions customHostSettings

Co-authored-by: ymao1 <ying.mao@elastic.co>

Co-authored-by: ymao1 <ying.mao@elastic.co>
This commit is contained in:
Patrick Mueller 2021-10-07 16:00:38 -04:00 committed by GitHub
parent a94d4cc5de
commit 2b8244b21c
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 19 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

28
docs/settings/alert-action-settings.asciidoc
View file

@ -51,10 +51,13 @@ entry.
+
In the following example, two custom host settings
are defined. The first provides a custom host setting for mail server
`mail.example.com` using port 465 that supplies server certificate authorization
`mail.example.com` using port 465 that supplies server certificate authentication
data from both a file and inline, and requires TLS for the
connection. The second provides a custom host setting for https server
`webhook.example.com` which turns off server certificate authorization.
`webhook.example.com` which turns off server certificate authentication,
that will allow Kibana to connect to the server if it's using a self-signed
certificate. The individual properties that can be used in the settings are
documented below.
+
[source,yaml]
--
@ -71,11 +74,16 @@ xpack.actions.customHostSettings:
requireTLS: true
- url: https://webhook.example.com
ssl:
// legacy
rejectUnauthorized: false
verificationMode: 'none'
--
The settings in `xpack.actions.customHostSettings` can be used to override the
global option `xpack.actions.ssl.verificationMode` and provide customized TLS
settings on a per-server basis. Set `xpack.actions.ssl.verificationMode` to the
value to be used by default for all servers, then add an entry in
`xpack.actions.customHostSettings` for every server that requires customized
settings.
`xpack.actions.customHostSettings[n].url` {ess-icon}::
A URL associated with this custom host setting. Should be in the form of
`protocol://hostname:port`, where `protocol` is `https` or `smtp`. If the
@ -96,10 +104,12 @@ values.
`xpack.actions.customHostSettings[n].smtp.ignoreTLS` {ess-icon}::
A boolean value indicating that TLS must not be used for this connection.
The options `smtp.ignoreTLS` and `smtp.requireTLS` can not both be set to true.
Default: `false`.
`xpack.actions.customHostSettings[n].smtp.requireTLS` {ess-icon}::
A boolean value indicating that TLS must be used for this connection.
The options `smtp.ignoreTLS` and `smtp.requireTLS` can not both be set to true.
Default: `false`.
`xpack.actions.customHostSettings[n].ssl.rejectUnauthorized`::
Deprecated. Use <<action-config-custom-host-verification-mode,`xpack.actions.customHostSettings.ssl.verificationMode`>> instead. A boolean value indicating whether to bypass server certificate validation.
@ -146,8 +156,8 @@ Specifies HTTP headers for the proxy, if using a proxy for actions. Default: {}.
`xpack.actions.proxyRejectUnauthorizedCertificates` {ess-icon}::
Deprecated. Use <<action-config-proxy-verification-mode,`xpack.actions.ssl.proxyVerificationMode`>> instead. Set to `false` to bypass certificate validation for the proxy, if using a proxy for actions. Default: `true`.
[[action-config-proxy-verification-mode]]`xpack.actions[n].ssl.proxyVerificationMode` {ess-icon}::
Controls the verification for the proxy server certificate that {hosted-ems} receives when making an outbound SSL/TLS connection to the proxy server. Valid values are `full`, `certificate`, and `none`.
[[action-config-proxy-verification-mode]]`xpack.actions.ssl.proxyVerificationMode` {ess-icon}::
Controls the verification for the proxy server certificate that Kibana receives when making an outbound SSL/TLS connection to the proxy server. Valid values are `full`, `certificate`, and `none`.
Use `full` to perform hostname verification, `certificate` to skip hostname verification, and `none` to skip verification. Default: `full`. <<elasticsearch-ssl-verificationMode,Equivalent {kib} setting>>.
`xpack.actions.rejectUnauthorized` {ess-icon}::
@ -156,12 +166,12 @@ Deprecated. Use <<action-config-verification-mode,`xpack.actions.ssl.verificatio
As an alternative to setting `xpack.actions.rejectUnauthorized`, you can use the setting
`xpack.actions.customHostSettings` to set SSL options for specific servers.
[[action-config-verification-mode]] `xpack.actions[n].ssl.verificationMode` {ess-icon}::
[[action-config-verification-mode]] `xpack.actions.ssl.verificationMode` {ess-icon}::
Controls the verification for the server certificate that {hosted-ems} receives when making an outbound SSL/TLS connection for actions. Valid values are `full`, `certificate`, and `none`.
Use `full` to perform hostname verification, `certificate` to skip hostname verification, and `none` to skip verification. Default: `full`. <<elasticsearch-ssl-verificationMode,Equivalent {kib} setting>>.
+
As an alternative to setting `xpack.actions.ssl.verificationMode`, you can use the setting
`xpack.actions.customHostSettings` to set SSL options for specific servers.
This setting can be overridden for specific URLs by using the setting
`xpack.actions.customHostSettings[n].ssl.verificationMode` (described above) to a different value.
`xpack.actions.maxResponseContentLength` {ess-icon}::
Specifies the max number of bytes of the http response for requests to external resources. Default: 1000000 (1MB).