sist2 icon indicating copy to clipboard operation
sist2 copied to clipboard
verified publisher icon simon987

https secure web server and features request

Open germainm opened this issue 5 years ago • 3 comments

sist2 version:2.8.3

Platform (Linux or Docker, x86-64 or arm64):Iinux x86-64

Elasticsearch version:7.5.1

Command with arguments: ./sist2 web --bind=0.0.0.0 :4090--es-url=https://user:[email protected]:9200 ~/first.idx ~/second.idx

is there a way to have ssl support ?

have a config with

-user/pass for elasticsearch -user/pass for http(s) if any -adress and port to bind to -set of collections ( first_album.idx + second_album.idx -> collection1, ... ). it would be possible to manages multiples indexes in different collections -certificates to use, key

But, I'm not sure to understand the real utility to implement web_server instead using apache2 directly and elasticsearch only.

apache2 only for ssl, url rewrite, serve files and protect http access from the net with password.

example: it would be very easy to specify indexes to use in the javascript and catch errors if any from elasticsearch (instead using /i method.

You can store preferences in es if needed

But, maybe if there's easy way to have ssl in mongoose, it would OK solution in production(ie, for memory optimization because your code seem optimised and near machine langage) after fixing memory leaks and passing tests.

germainm avatar Sep 15 '20 01:09 germainm

Thanks for submitting this issue,

is there a way to have ssl support ?

Managing certificate files and their keys is unnecessarily complicated to use and implement (this goes against the S in Sist2), is there any reason why you wouldn't want to add SSL at your web server level (apache2, nginx, caddy, traefic etc.) ? Most of those have auto-renew features and are very simple to use: example: https://sist2.simon987.net/ uses nginx + letsencrypt

config, collections, etc

Please create a separate issue for each feature request

But, I'm not sure to understand the real utility to implement web_server instead using apache2 directly and elasticsearch only. apache2 only for ssl, url rewrite, serve files and protect http access from the net with password. example: it would be very easy to specify indexes to use in the javascript and catch errors if any from elasticsearch (instead using /i method.

Sorry, I don't understand what you mean by any of this, can you rephrase this part?

simon987 avatar Sep 15 '20 01:09 simon987

I said I don't see any valid reason why you coded server (excepted for no web accesss because of ssl missing).

What I can understand is that you serve files with the http server using mongoose, get indexes info from it and use it to do elasticsearch request but this only for local use because of missing security feature for now

I didn't dig too far in your code only 2-3 hours, but I think you can all do that with apache2, html, js and write indexes info into json format in elasticsearch indices

if I could index directories on my computer from wsl 2, run https server and access my file everywhere it would be a lot more useful.

germainm avatar Sep 15 '20 01:09 germainm

Managing certificate files and their keys is unnecessarily complicated to use and implement (this goes against the S in Sist2), is there any reason why you wouldn't want to add SSL at your web server level (apache2, nginx, caddy, traefic etc.) ? Most of those have auto-renew features and are very simple to use: example: https://sist2.simon987.net/ uses nginx + letsencrypt

Sure, but you still need to run a second server

germainm avatar Sep 15 '20 01:09 germainm