liz/wikijs-fork
liz/wikijs-fork
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

feat: add elasticsearch ssl options (#5499)

Browse Source
This commit is contained in:
Hexaflexagon 2022-08-06 23:27:25 +02:00 committed by GitHub
parent 6943524b3f
commit 933293a997
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 35 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
server/modules/search/elasticsearch/definition.yml
View File

@ -20,28 +20,37 @@ props:
title: Host(s) title: Host(s)
hint: Comma-separated list of Elasticsearch hosts to connect to, including the port, username and password if necessary. (e.g. http://localhost:9200, https://user:pass@es1.example.com:9200) hint: Comma-separated list of Elasticsearch hosts to connect to, including the port, username and password if necessary. (e.g. http://localhost:9200, https://user:pass@es1.example.com:9200)
order: 2 order: 2
verifyTLSCertificate:
title: Verify TLS Certificate
type: Boolean
default: true
order: 3
tlsCertPath:
title: TLS Certificate Path
type: String
hint: Absolute path to the TLS certificate on the server.
order: 4
indexName: indexName:
type: String type: String
title: Index Name title: Index Name
hint: The index name to use during creation hint: The index name to use during creation
default: wiki default: wiki
order: 3 order: 5
analyzer: analyzer:
type: String type: String
title: Analyzer title: Analyzer
hint: 'The token analyzer in elasticsearch' hint: 'The token analyzer in elasticsearch'
default: simple default: simple
order: 4 order: 6
sniffOnStart: sniffOnStart:
type: Boolean type: Boolean
title: Sniff on start title: Sniff on start
hint: 'Should Wiki.js attempt to detect the rest of the cluster on first connect? (Default: off)' hint: 'Should Wiki.js attempt to detect the rest of the cluster on first connect? (Default: off)'
default: false default: false
order: 5 order: 7
sniffInterval: sniffInterval:
type: Number type: Number
title: Sniff Interval title: Sniff Interval
hint: '0 = disabled, Interval in seconds to check for updated list of nodes in cluster. (Default: 0)' hint: '0 = disabled, Interval in seconds to check for updated list of nodes in cluster. (Default: 0)'
default: 0 default: 0
order: 6 order: 8

21
server/modules/search/elasticsearch/engine.js
View File

@ -1,6 +1,7 @@
const _ = require('lodash') const _ = require('lodash')
const stream = require('stream') const stream = require('stream')
const Promise = require('bluebird') const Promise = require('bluebird')
const fs = require('fs')
const pipeline = Promise.promisify(stream.pipeline) const pipeline = Promise.promisify(stream.pipeline)
/* global WIKI */ /* global WIKI */
@ -24,6 +25,7 @@ module.exports = {
nodes: this.config.hosts.split(',').map(_.trim), nodes: this.config.hosts.split(',').map(_.trim),
sniffOnStart: this.config.sniffOnStart, sniffOnStart: this.config.sniffOnStart,
sniffInterval: (this.config.sniffInterval > 0) ? this.config.sniffInterval : false, sniffInterval: (this.config.sniffInterval > 0) ? this.config.sniffInterval : false,
ssl: getTlsOptions(this.config),
name: 'wiki-js' name: 'wiki-js'
}) })
break break
@ -33,6 +35,7 @@ module.exports = {
nodes: this.config.hosts.split(',').map(_.trim), nodes: this.config.hosts.split(',').map(_.trim),
sniffOnStart: this.config.sniffOnStart, sniffOnStart: this.config.sniffOnStart,
sniffInterval: (this.config.sniffInterval > 0) ? this.config.sniffInterval : false, sniffInterval: (this.config.sniffInterval > 0) ? this.config.sniffInterval : false,
ssl: getTlsOptions(this.config),
name: 'wiki-js' name: 'wiki-js'
}) })
break break
@ -351,3 +354,21 @@ module.exports = {
WIKI.logger.info(`(SEARCH/ELASTICSEARCH) Index rebuilt successfully.`) WIKI.logger.info(`(SEARCH/ELASTICSEARCH) Index rebuilt successfully.`)
} }
} }
function getTlsOptions(conf) {
if (!conf.tlsCertPath) {
return {
rejectUnauthorized: conf.verifyTLSCertificate
}
}
const caList = []
if (conf.verifyTLSCertificate) {
caList.push(fs.readFileSync(conf.tlsCertPath))
}
return {
rejectUnauthorized: conf.verifyTLSCertificate,
ca: caList
}
}