From 47ef0ae26953cb20c8fab91131a150b6669c2d69 Mon Sep 17 00:00:00 2001 From: Multazim Deshmukh Date: Sun, 1 Oct 2023 16:26:14 +0530 Subject: [PATCH 1/3] add https and ldap guidelines --- docs/docs/installation/configuring-superset.mdx | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/docs/docs/installation/configuring-superset.mdx b/docs/docs/installation/configuring-superset.mdx index f1d3c96246fa8..7d0960771363d 100644 --- a/docs/docs/installation/configuring-superset.mdx +++ b/docs/docs/installation/configuring-superset.mdx @@ -149,6 +149,11 @@ If you're not using Gunicorn, you may want to disable the use of `flask-compress Currently, Google BigQuery python sdk is not compatible with `gevent`, due to some dynamic monkeypatching on python core library by `gevent`. So, when you use `BigQuery` datasource on Superset, you have to use `gunicorn` worker type except `gevent`. +### HTTPS Configuration + +You can configure HTTPS upstream via a load balancer or an nginx reverse proxy and do TLS Offloading before it reaches Superset App. +You can also configure [SSL in Gunicorn](https://docs.gunicorn.org/en/stable/settings.html#ssl) (the Python webserver) if you are using an official Superset Docker image. + ### Configuration Behind a Load Balancer If you are running superset behind a load balancer or reverse proxy (e.g. NGINX or ELB on AWS), you @@ -265,6 +270,12 @@ CUSTOM_SECURITY_MANAGER = CustomSsoSecurityManager ] ``` +### LDAP Authentication + +FAB allows to authenticate the user’s credentials against an LDAP server. +To use LDAP you need to install [python-ldap](https://www.python-ldap.org/en/latest/installing.html). +Please refer [FAB's LDAP documentation](https://flask-appbuilder.readthedocs.io/en/latest/security.html#authentication-ldap) for configuration details. + ### Flask app Configuration Hook `FLASK_APP_MUTATOR` is a configuration function that can be provided in your environment, receives From 0dd7b350a6c779055ab68219f8efe84d750dfecc Mon Sep 17 00:00:00 2001 From: Sam Firke Date: Mon, 2 Oct 2023 14:09:51 -0400 Subject: [PATCH 2/3] update LDAP docs, mention FAB = Flask-AppBuilder --- docs/docs/installation/configuring-superset.mdx | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/docs/docs/installation/configuring-superset.mdx b/docs/docs/installation/configuring-superset.mdx index 7d0960771363d..8bd7a21fc6e63 100644 --- a/docs/docs/installation/configuring-superset.mdx +++ b/docs/docs/installation/configuring-superset.mdx @@ -174,8 +174,9 @@ RequestHeader set X-Forwarded-Proto "https" ### Custom OAuth2 Configuration -Beyond FAB supported providers (GitHub, Twitter, LinkedIn, Google, Azure, etc), its easy to connect -Superset with other OAuth2 Authorization Server implementations that support “code” authorization. +Superset is built on Flask-AppBuilder (FAB), which supports many providers out of the box +(GitHub, Twitter, LinkedIn, Google, Azure, etc). Beyond those, Superset can be configured to connect +with other OAuth2 Authorization Server implementations that support “code” authorization. Make sure the pip package [`Authlib`](https://authlib.org/) is installed on the webserver. @@ -272,9 +273,10 @@ CUSTOM_SECURITY_MANAGER = CustomSsoSecurityManager ### LDAP Authentication -FAB allows to authenticate the user’s credentials against an LDAP server. -To use LDAP you need to install [python-ldap](https://www.python-ldap.org/en/latest/installing.html). -Please refer [FAB's LDAP documentation](https://flask-appbuilder.readthedocs.io/en/latest/security.html#authentication-ldap) for configuration details. +FAB supports authenticating user credentials against an LDAP server. +To use LDAP you must install the [python-ldap](https://www.python-ldap.org/en/latest/installing.html) package. +See [FAB's LDAP documentation](https://flask-appbuilder.readthedocs.io/en/latest/security.html#authentication-ldap) +for details. ### Flask app Configuration Hook From 35a777a5c38af29b2d2b582af2dbffeea17cb7cd Mon Sep 17 00:00:00 2001 From: Multazim Deshmukh <57723564+mdeshmu@users.noreply.github.com> Date: Tue, 3 Oct 2023 06:51:22 +0530 Subject: [PATCH 3/3] Update docs/docs/installation/configuring-superset.mdx Co-authored-by: Sam Firke --- docs/docs/installation/configuring-superset.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/docs/installation/configuring-superset.mdx b/docs/docs/installation/configuring-superset.mdx index 8bd7a21fc6e63..3940ff4e5fea5 100644 --- a/docs/docs/installation/configuring-superset.mdx +++ b/docs/docs/installation/configuring-superset.mdx @@ -151,7 +151,7 @@ So, when you use `BigQuery` datasource on Superset, you have to use `gunicorn` w ### HTTPS Configuration -You can configure HTTPS upstream via a load balancer or an nginx reverse proxy and do TLS Offloading before it reaches Superset App. +You can configure HTTPS upstream via a load balancer or a reverse proxy (such as nginx) and do SSL/TLS Offloading before traffic reaches the Superset application. In this setup, local traffic from a Celery worker taking a snapshot of a chart for Alerts & Reports can access Superset at a `http://` URL, from behind the ingress point. You can also configure [SSL in Gunicorn](https://docs.gunicorn.org/en/stable/settings.html#ssl) (the Python webserver) if you are using an official Superset Docker image. ### Configuration Behind a Load Balancer