Support proxy for maps service and other outgoing requests in air gapped environment

[Alphayeeeet]

It may be a workaround to use a self-hosted map-server or package registry, but in general you would use a proxy server to access internet ressources in an air gapped environment. Add support tu use a proxy like you could do in elasticsearch using java opts (noproxy-option should be available).

In air gapped environment, you do not want to give the server free access to internet using firewall. Instead you want to control which server has access to which ressources. You can achieve that, by using a proxy server. Unfortunately kibana does not supper proxy-servers yet (except epr.elastic.co, but forget that for now).

[elasticmachine]

Pinging @elastic/kibana-operations (Team:Operations)

[elasticmachine]

Pinging @elastic/kibana-presentation (Team:Presentation)

[nreese]

@Alphayeeeet thanks for opening this issue.

In air gapped environment, you do not want to give the server free access to internet using firewall. Instead you want to control which server has access to which ressources

Could you explain in more detail which services kibana server needs access to. You mentioned map-server. Do you mean Elastic Maps Service (EMS)? Kibana server does not access EMS, instead, EMS is accessed directly from clients (web browsers). The domains required for EMS access are listed at https://www.elastic.co/guide/en/kibana/current/maps-connect-to-ems.html#_domains.

[Alphayeeeet]

@nreese That makes sense. I have to confess, that I did not test it through, because it wasn't even documented, that EMS is accessed through browser. In the following doc, it says, that hosting EMS locally is required, which I think is not a good solution, if using a proxy would be quite easy if possible. https://www.elastic.co/guide/en/elastic-stack/current/air-gapped-install.html#air-gapped-kibana

It should be clearly documented that EMS is accessed via browser and not from Kibana server itself.

[nreese]

Thanks for mentioning https://www.elastic.co/guide/en/elastic-stack/current/air-gapped-install.html#air-gapped-kibana docs. Yes, these need to be updated with another option of opening firewall to access publish EMS. I have opened #174716 to track the documenation issue.

I am going to remove Team:presentation from the issue since the other teams are responsible for other services.

[Alphayeeeet]

@nreese Is the documentation issue resolved? If so, I think this issue could be closed.

[jsanz]

@Alphayeeeet documentation was updated and hopefully provides the details needed to access EMS resources. Please reopen or create a new issue if we can improve anything.

Thanks!