Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

docs: add https & ldap instructions #25477

Merged
merged 4 commits into from
Oct 3, 2023
Merged

docs: add https & ldap instructions #25477

Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
47ef0ae
add https and ldap guidelines
mdeshmu Oct 1, 2023
0dd7b35
update LDAP docs, mention FAB = Flask-AppBuilder
sfirke Oct 2, 2023
35a777a
Update docs/docs/installation/configuring-superset.mdx
mdeshmu Oct 3, 2023
0eab76a
Merge branch 'apache:master' into bugherd-51
mdeshmu Oct 3, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
17 changes: 15 additions & 2 deletions docs/docs/installation/configuring-superset.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -149,6 +149,11 @@ If you're not using Gunicorn, you may want to disable the use of `flask-compress
Currently, Google BigQuery python sdk is not compatible with `gevent`, due to some dynamic monkeypatching on python core library by `gevent`.
So, when you use `BigQuery` datasource on Superset, you have to use `gunicorn` worker type except `gevent`.

### HTTPS Configuration

You can configure HTTPS upstream via a load balancer or a reverse proxy (such as nginx) and do SSL/TLS Offloading before traffic reaches the Superset application. In this setup, local traffic from a Celery worker taking a snapshot of a chart for Alerts & Reports can access Superset at a `http://` URL, from behind the ingress point.
You can also configure [SSL in Gunicorn](https://docs.gunicorn.org/en/stable/settings.html#ssl) (the Python webserver) if you are using an official Superset Docker image.

### Configuration Behind a Load Balancer

If you are running superset behind a load balancer or reverse proxy (e.g. NGINX or ELB on AWS), you
Expand All @@ -169,8 +174,9 @@ RequestHeader set X-Forwarded-Proto "https"

### Custom OAuth2 Configuration

Beyond FAB supported providers (GitHub, Twitter, LinkedIn, Google, Azure, etc), its easy to connect
Superset with other OAuth2 Authorization Server implementations that support “code” authorization.
Superset is built on Flask-AppBuilder (FAB), which supports many providers out of the box
mdeshmu marked this conversation as resolved.
Show resolved Hide resolved
(GitHub, Twitter, LinkedIn, Google, Azure, etc). Beyond those, Superset can be configured to connect
with other OAuth2 Authorization Server implementations that support “code” authorization.

Make sure the pip package [`Authlib`](https://authlib.org/) is installed on the webserver.

Expand Down Expand Up @@ -265,6 +271,13 @@ CUSTOM_SECURITY_MANAGER = CustomSsoSecurityManager
]
```

### LDAP Authentication

FAB supports authenticating user credentials against an LDAP server.
To use LDAP you must install the [python-ldap](https://www.python-ldap.org/en/latest/installing.html) package.
See [FAB's LDAP documentation](https://flask-appbuilder.readthedocs.io/en/latest/security.html#authentication-ldap)
for details.

### Flask app Configuration Hook

`FLASK_APP_MUTATOR` is a configuration function that can be provided in your environment, receives
Expand Down