Kibana: [Maps] Use CORS to connect to EMS rather than use Kibana as a proxy

Created on 27 Mar 2019 · 5 Comments · Source: elastic/kibana

When the Kibana server is unable to reach the public internet, and in turn the maps service, even if the browser that is running Kibana is able to reach the public internet, maps don't work, and the following error is displayed when hovering over the default "road_map" layer:

Unable to find EMS tile configuration for id: road_map

Geo bug enhancement

All 5 comments

Pinging @elastic/kibana-gis

Using Kibana to proxy the EMS-files was introduced to make it easier for admins to set up firewall configs for on-prem deployments of the stack, i.e. it is more straightforward to allow one outbound connection from the Kibana server deployment to EMS than to allow all end-users to have an outbound connection to EMS.

This issue is the opposite scenario.

This could be optional in the maps-app when adding layers. Users can opt to have Kibana act as a proxy for EMS-files/regionmap files or for end-user browsers to use CORS to fetch EMS-files/regionmap files.

Related to on-prem deployments is https://github.com/elastic/kibana/issues/28765.

With geojson upload capabilities, users will be able to ingest EMS-files in Elasticsearch and serve this from their local cluster.

Even if it is easier to open a port on the server from a technical standpoint, in practice opening a port from a server deployment is a big effort, which is why we avoid doing it in all possible cases. There are greater risks to an organization associated with opening ports to infrastructure than doing so for clients, so doing so often requires internal backflips to cut through the red tape and make a case for the port to be opened. And often the request is rejected unless the blocked functionality is deemed critical enough.

Maps isn't alone here in requiring remote requests, so we should change the behavior to do it from the client to make managing Kibana more consistent.

Hi,

I like the idea of having a setting in kibana.yml that lets you say whether EMS is called from the client or the server side.
For EMS particularly, I don't understand why it could be a problem that the Kibana client makes CORS requests, if the EMS server returns the necessary CORS HTTP headers to allow CORS calls.

But anyway, for external HTTP calls from the Kibana server, Kibana should be able to manage HTTP proxy settings.
I don't know any serious company network that allows direct access to the internet on personal computers, and worse, on production servers.
