Giter VIP home page Giter VIP logo

esproxy's Introduction

为了将kibana集成到我们的单点登陆(CAS框架), 使用django做了这个项目. 后来又加入一点简单的权限控制.

当时做这个项目的时候, 还是kibana3, 只有一个前端应用.
现在kibana4自带nodejs的WEB服务, 熟悉nodejs的同学直接在nodejs的express web框架上面开发可能会更原生态一些.

使用

internal

因为利用了nginx的internal location特征, 所以需要和nginx配合使用. apache中好像也有类似的功能, 参考这个apache mod

internal的说明可以参考这里, 它的简单配置如下:

location /protected/ {
	internal;
	root   /some/path;
}

这个配置是说, 如果从外部直接访问/protected, 会返回404.
需要nginx后面的php啊, django啊, 或者cgi啊, 返回的时候带一个header, 比如, X-Accel-Redirect: /protected/iso.img; nginx就会把用户的请求重定向到/protected/iso.img这里来. 权限控制就可以在后面的php啊, django啊, cgi处理了.

所以这个项目的想法很简单, 静态的kibana页面放在nginx后面.
到ES的ajax调用被转到django, 做用户权限认证之后, 再用上面说的方法调转到真正的ES restful入口.

nginx配置示例

server {
    listen       80 default_server;

    location = / {
        include uwsgi_params;
        uwsgi_pass unix:///home/childe/app/esproxy/esproxy/uwsgi.sock;
    }
    location = /login.html {
        include uwsgi_params;
        uwsgi_pass unix:///home/childe/app/esproxy/esproxy/uwsgi.sock;
    }
    location = /login {
        include uwsgi_params;
        uwsgi_pass unix:///home/childe/app/esproxy/esproxy/uwsgi.sock;
    }
    location = /logout.html {
        include uwsgi_params;
        uwsgi_pass unix:///home/childe/app/esproxy/esproxy/uwsgi.sock;
    }
    location = /logout {
        include uwsgi_params;
        uwsgi_pass unix:///home/childe/app/esproxy/esproxy/uwsgi.sock;
    }
    location /elasticsearch/ {
        include uwsgi_params;
        uwsgi_pass unix:///home/childe/app/esproxy/esproxy/uwsgi.sock;
    }
    location /es/ {
        internal;
        proxy_pass   http://127.0.0.1:9200/;
    }
    location / {
        alias /home/childe/app/kibana/;
        index index.html;
    }
}

django应用部署

clone

git clone [email protected]:childe/esproxy.git

pip 安装依赖

pip install -r requirements.txt

配置CAS, 如果需要的话

INSTALLED_APPS += (
    "django_cas",
)
AUTHENTICATION_BACKENDS = (
    'django.contrib.auth.backends.ModelBackend',
    'django_cas.backends.CASBackend',
)
CAS_LOGOUT_COMPLETELY = True
CAS_IGNORE_REFERER = True
CAS_REDIRECT_URL = "/"
CAS_AUTO_CREATE_USERS = True
CAS_GATEWAY = False
CAS_RETRY_LOGIN = True
CAS_SERVER_URL = 'https://cas.corp.com'

配置kibana目录和访问路径等

KIBANA_DIR = '~/app/kibana'
ELASTICSEARCH_PROXY = "/elasticsearch"
ELASTICSEARCH_REAL = "/es"

配置uwsgi.ini

[uwsgi]
chdir=/home/childe/app/esproxy/esproxy
module=esproxy.wsgi:application
master=True
pidfile=/tmp/esproxy.pid
vacuum=True
processes=4
max-requests=100
socket=/home/childe/app/esproxy/uwsgi.sock
daemonize=/var/log/esproxy.log

启动uwsgi

python manage.py syncdb
uwsgi -i uwsgi.ini

权限控制

在django的admin页面, 添加配置项. 权限配置

对于访问的索引, 会对所有的配置项按index的顺序一一匹配, 如果index regexp能match, 就会判断用户名/组名是否匹配, 然后返回true或者false.

如上图的配置, 就是说, 对web-20打头的索引, OPS组的人可以访问, childe这个用户也可以访问, 其他人都不可以.

esproxy's People

Contributors

childe avatar enggi avatar

Watchers

hugo avatar avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.