57 lines
2.6 KiB
Text
57 lines
2.6 KiB
Text
[[configuring-console]]
|
|
== Configuring Console
|
|
|
|
You can add the following options in the `config/kibana.yml` file:
|
|
|
|
`console.enabled`:: *Default: true* Set to false to disable Console. Toggling this will cause the server to regenerate assets on the next startup, which may cause a delay before pages start being served.
|
|
|
|
`console.proxyFilter`:: *Default: `.*`* A list of regular expressions that are used to validate any outgoing request from Console. If none
|
|
of these match, the request will be rejected. See <<securing-console>> for more details.
|
|
|
|
`console.proxyConfig`:: A list of configuration options that are based on the proxy target. Use this to set custom timeouts or SSL settings for specific hosts. This is done by defining a set of `match` criteria using wildcards/globs which will be checked against each request. The configuration from all matching rules will then be merged together to configure the proxy used for that request.
|
|
+
|
|
The valid match keys are `match.protocol`, `match.host`, `match.port`, and `match.path`. All of these keys default to `*`, which means they will match any value.
|
|
+
|
|
Example:
|
|
+
|
|
[source,yaml]
|
|
--------
|
|
console.proxyConfig:
|
|
- match:
|
|
host: "*.internal.org" # allow any host that ends in .internal.org
|
|
port: "{9200..9299}" # allow any port from 9200-9299
|
|
|
|
ssl:
|
|
ca: "/opt/certs/internal.ca"
|
|
# "key" and "cert" are also valid options here
|
|
|
|
- match:
|
|
protocol: "https"
|
|
|
|
ssl:
|
|
verify: false # allows any certificate to be used, even self-signed certs
|
|
|
|
# since this rule has no "match" section it matches everything
|
|
- timeout: 180000 # 3 minutes
|
|
--------
|
|
|
|
[[securing-console]]
|
|
=== Securing Console
|
|
|
|
Console is meant to be used as a local development tool. As such, it will send requests to any host & port combination,
|
|
just as a local curl command would. To overcome the CORS limitations enforced by browsers, Console's Node.js backend
|
|
serves as a proxy to send requests on behalf of the browser. However, if put on a server and exposed to the internet
|
|
this can become a security risk. In those cases, we highly recommend you lock down the proxy by setting the
|
|
`console.proxyFilter` setting. The setting accepts a list of regular expressions that are evaluated against each URL
|
|
the proxy is requested to retrieve. If none of the regular expressions match the proxy will reject the request.
|
|
|
|
Here is an example configuration the only allows Console to connect to localhost:
|
|
|
|
[source,yaml]
|
|
--------
|
|
console.proxyFilter:
|
|
- ^https?://(localhost|127\.0\.0\.1|\[::0\]).*
|
|
--------
|
|
|
|
You will need to restart Kibana for these changes to take effect.
|
|
|