Skip to content

feat: add option to skip SSL verification #77

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 4 commits into from
Jun 13, 2025
Merged

feat: add option to skip SSL verification #77

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
a50baf0
feat: add option to skip SSL verification
slhck Jun 4, 2025
7b742fe
Merge branch 'main' into add-skip-ssl-verify-option
JoshMock Jun 12, 2025
96d2886
Update index.ts
JoshMock Jun 12, 2025
674dbaa
Merge branch 'main' into add-skip-ssl-verify-option
JoshMock Jun 13, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -86,6 +86,7 @@ The Elasticsearch MCP Server supports configuration options to connect to your E
| `ES_USERNAME` | Elasticsearch username for basic authentication | No |
| `ES_PASSWORD` | Elasticsearch password for basic authentication | No |
| `ES_CA_CERT` | Path to custom CA certificate for Elasticsearch SSL/TLS | No |
| `ES_SSL_SKIP_VERIFY` | Set to '1' or 'true' to skip SSL certificate verification | No |
| `ES_PATH_PREFIX` | Path prefix for Elasticsearch instance exposed at a non-root path | No |
| `ES_VERSION` | Server assumes Elasticsearch 9.x. Set to `8` target Elasticsearch 8.x | No |

Expand Down
22 changes: 17 additions & 5 deletions index.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -86,8 +86,14 @@ const ConfigSchema = z
version: z
.string()
.optional()
.transform((val) => (['8', '9'].includes(val ?? '') ? val : '9'))
.describe('Elasticsearch version (8, or 9)')
.transform((val) => (['8', '9'].includes(val || '') ? val : '9'))
.describe('Elasticsearch version (8, or 9)'),

sslSkipVerify: z
.boolean()
.optional()
.describe('Skip SSL certificate verification'),

})
.refine(
(data) => {
Expand All @@ -113,8 +119,7 @@ type ElasticsearchConfig = z.infer<typeof ConfigSchema>

export async function createElasticsearchMcpServer (config: ElasticsearchConfig): Promise<McpServer> {
const validatedConfig = ConfigSchema.parse(config)
const { url, apiKey, username, password, caCert, version, pathPrefix } =
validatedConfig
const { url, apiKey, username, password, caCert, version, pathPrefix, sslSkipVerify } = validatedConfig

const clientOptions: ClientOptions = {
node: url,
Expand All @@ -140,10 +145,11 @@ export async function createElasticsearchMcpServer (config: ElasticsearchConfig)
}

// Set up SSL/TLS certificate if provided
clientOptions.tls = {}
if (caCert != null) {
try {
const ca = fs.readFileSync(caCert)
clientOptions.tls = { ca }
clientOptions.tls.ca = ca
} catch (error) {
console.error(
`Failed to read certificate file: ${
Expand All @@ -163,6 +169,11 @@ export async function createElasticsearchMcpServer (config: ElasticsearchConfig)
}
}

// Skip verification if requested
if (sslSkipVerify != null && sslSkipVerify === true) {
clientOptions.tls.rejectUnauthorized = false
}

const esClient = new Client(clientOptions)

const server = new McpServer(product)
Expand Down Expand Up @@ -486,6 +497,7 @@ const config: ElasticsearchConfig = {
password: process.env.ES_PASSWORD ?? '',
caCert: process.env.ES_CA_CERT ?? '',
version: process.env.ES_VERSION ?? '',
sslSkipVerify: process.env.ES_SSL_SKIP_VERIFY === '1' || process.env.ES_SSL_SKIP_VERIFY === 'true',
pathPrefix: process.env.ES_PATH_PREFIX ?? ''
}

Expand Down