I think we should move logstash behind a proxy that listens on 443 and add basic auth. We should be able to do the auth at the proxy layer, so logstash config can more or less be the same except it only needs to listen on localhost.
Steps to complete are something like follows:
Run a script that generates a random password, stores in a htpasswd file and stores in the http_logstash.json file (I am assuming there are private fields for this, but may be wrong)
Create a proxy file that points /logstash to the logstash instance running and has basic auth setup that uses the htpassd file from previous step.
This is important because we can't assume archive requests always happen on localhost. In pscheduler, the source of throughput tests always archives, meaning sometimes for reverse tests the remote end is sending the archive message back to the host.
I think we should move logstash behind a proxy that listens on 443 and add basic auth. We should be able to do the auth at the proxy layer, so logstash config can more or less be the same except it only needs to listen on localhost.
Steps to complete are something like follows:
htpasswdfile and stores in the http_logstash.json file (I am assuming there are private fields for this, but may be wrong)This is important because we can't assume archive requests always happen on localhost. In pscheduler, the source of throughput tests always archives, meaning sometimes for reverse tests the remote end is sending the archive message back to the host.