atomita / fluent-plugin-aws-elasticsearch-service

This repository is extends of https://github.com/uken/fluent-plugin-elasticsearch/ which made connectable to Amazon Elassticsearch Service using Aws Signers V4. Please check the requirements to connect to Amazon Elassticsearch Service without using Aws Signers V4 for before starting use. (reference https://groups.google.com/forum/#!msg/fluentd/uW87VAOqxeE/cfhenicEBAAJ)
MIT License
122 stars 49 forks source link

Ignore certificate host mismatch? #36

Open marksawersw opened 6 years ago

marksawersw commented 6 years ago

Hello. Does the plugin have the capability to ignore a host mismatch in the X.500 cert?

I have different elasticsearch domains for dev and prod. I'd like to have one fluentd conf (actually a docker image) that works in both dev and prod. I'd like to set the endpoint url to a domain name that we can vary in each environment, for example in different DNS zones, or pass in as an --add-host or Environment property to the container.

I tried using a domain (shown below as es.mydomain.com) in the endpoint url, but I'm seeing the following error:

2017-11-06 21:22:27 +0000 [warn]: #0 failed to flush the buffer. retry_time=4 next_retry_seconds=2017-11-06 21:22:27 +0000 chunk="55d570c043428d9eb6051e904e4ab690" error_class=Faraday::SSLError error="hostname \"es.mydomain.com\" does not match the server certificate (OpenSSL::SSL::SSLError)

Any suggestions to ignore the mismatch? Or are there alternate patterns for image portability?

Thanks! Mark

Tiny-wlx commented 6 years ago

+1

cosmo0920 commented 5 years ago

Could you add ssl_verify false, which is originated from original ES plguin, into your configuration?

cosmo0920 commented 4 years ago

Or, I'm sending the PR to support verify_hostname option: https://github.com/lostisland/faraday/pull/1172 But the PR is not merged yet.