[Maps] Maps application does not support proxy environment.

[tak7iji]

Kibana version:
6.7.0-SNAPSHOT
7.0.0-SNAPSHOT

Elasticsearch version:
6.7.0-SNAPSHOT
7.0.0-SNAPSHOT

Server OS version:
CentOS 7

Browser version:
Chrome 72

Browser OS version:
Windows 7

Original install method (e.g. download page, yum, from source, etc.):
yarn kbn bootstrap & yarn start

Describe the bug:
Related: #27832

If Kibana is running behind the proxy, /api/gis/meta api call returns null ems information.
#Both 6.7.0-SNAPSHOT and 7.0.0-SNAPSHOT

# curl http://localhost:5601/api/gis/meta
{"data_sources":{"ems":{"file":[],"tms":[]},"kibana":{"regionmap":[],"tilemap":{"options":{"default":true,"minZoom":0,"maxZoom":10}}}}}

And then no map displayed on maps app.

Because node-fetch does not support proxy and need to specify option for proxy like following codes.

diff --git a/src/legacy/core_plugins/tile_map/common/ems_client.js b/src/legacy/core_plugins/tile_map/common/ems_client.js
index 00fbf98..7110c9b 100644
--- a/src/legacy/core_plugins/tile_map/common/ems_client.js
+++ b/src/legacy/core_plugins/tile_map/common/ems_client.js
@@ -23,6 +23,8 @@ import { TMSService } from './tms_service';
 import { FileLayer } from './file_layer';
 import fetch from 'node-fetch';
 import { format as formatUrl, parse as parseUrl } from 'url';
+import HttpsProxyAgent from 'https-proxy-agent';
+import { getProxyForUrl } from 'proxy-from-env';

 const extendUrl = (url, props) => (
   modifyUrlLocal(url, parsed => _.merge(parsed, props))
@@ -150,7 +152,7 @@ export class EMSClientV66 {
           () => reject(new Error(`Request to ${url} timed out`)),
           this.EMS_LOAD_TIMEOUT
         );
-        fetch(url)
+        fetch(url, { agent:new HttpsProxyAgent(getProxyForUrl(url))})
           .then(
             response => {
               clearTimeout(timer);
diff --git a/x-pack/plugins/maps/server/routes.js b/x-pack/plugins/maps/server/routes.js
index 74c32bb..c2e5397 100644
--- a/x-pack/plugins/maps/server/routes.js
+++ b/x-pack/plugins/maps/server/routes.js
@@ -9,6 +9,8 @@ import { GIS_API_PATH } from '../common/constants';
 import fetch from 'node-fetch';
 import _ from 'lodash';
 import { i18n } from '@kbn/i18n';
+import HttpsProxyAgent from 'https-proxy-agent';
+import { getProxyForUrl } from 'proxy-from-env';

 const ROOT = `/${GIS_API_PATH}`;

@@ -41,7 +43,7 @@ export function initRoutes(server, licenseUid) {
         return null;
       }

-      const file = await fetch(layer.url);
+      const file = await fetch(layer.url, { agent:new HttpsProxyAgent(getProxyForUrl(layer.url))})
       return await file.json();

     }

[thomasneirynck]

thanks @tak7iji for logging

[elasticmachine]

Pinging @elastic/kibana-gis

[bicaluv]

Would like to upvote this issues.
Currently we can not use maps in production because of our security policy to required proxy connection

[datevfink]

i also need this one resolved

[thomasneirynck]

User can now configure Kibana to use CORS to connect to EMS. This may be a suitable work-around for this use case #34503

[bicaluv]

@thomasneirynck:
The cors solution does not help when you want to address a secured production environment which is separated from Internet by air gap. We can only reach internet via proxy.
So it would be great to support „https_proxy“ envy like many other servers do.

[thomasneirynck]

thanks @bicaluv for the feedback

[thomasneirynck]

For now, we recommend the following work-around in cases where Kibana is deployed in a DMZ.

• configure the map.proxyElasticMapsServiceInMaps: true in kibana.yml. This will make the Kibana application not use CORS to connect to EMS, but rather proxy all request through the Kibana-server.
• configure the firewall to allow outbound traffic for following domains from the kibana-server to:
  • catalogue.maps.elastic.co
  • tiles.maps.elastic.co
  • vector.maps.elastic.co

Note that this only works for the Maps application, and not the Coordinate and Region Maps visualizations. The latter only can connect with CORS.

This is also documented here: https://www.elastic.co/guide/en/kibana/current/maps-connect-to-ems.html

[kmartastic]

@tak7iji @bicaluv @datevfink Ping me if you want an update on the work to address this customer problem.

In short, our on-prem maps solution is ready to test internally.
https://github.com/elastic/support-knowledge-articles/issues/1661#issuecomment-712491539

[thomasneirynck]

The Elastic Maps Server was released in 7.11 https://www.elastic.co/downloads/elastic-maps-server. This removes the need to proxy the elastic-hosted EMS for DMZ-deployments, as users can self-host EMS now.