Application Development Blog Posts
Learn and share on deeper, cross technology development topics such as integration and connectivity, automation, cloud extensibility, developing at scale, and security.
cancel
Showing results for 
Search instead for 
Did you mean: 
0 Kudos
17,679
  • SAP Managed Tags:
Elastic Search is a Lucene based search server.It provides a distributed multi-user capability full-text search engine based on a RESTful web interface.

Elastic search, developed in the Java language and released as open source under the Apache license, is a popular enterprise search engine.ElasticSearch is used in cloud computing to achieve real-time search, stability, reliability, speed and ease of installation.The official client is available in Java,.net (C#), PHP, Python, Apache Groovy, Ruby, and many other languages.Elasticsearch is the most popular corporate search engine, according to db-engines' ranking.

Elastic search does not take authentication by default because it is not designed in an open network environment. When you allow port 9200 external access, your data and cluster are not secure.

Typically elasticsearch clusters are protected by VPN, firewall and other means of restriction.But if you want to connect to elasticsearch clusters on an external network, you can only authenticate with the user's password.
Here are two ways to add password authentication:


  • use the x-pack plug-in

  • use the Nginx


 

> use x-pack to authentication steps


         1. install x-pack


          (Only Before  Elastic search 6.3 previously required manual download of the x-pack plug-in)



$cd ~/elasticsearch-6.2.4 
$./bin/elasticsearch-plugin install x-pack

         2.set password for Elastic search、logstash、kibana


$cd ~/elasticsearch-6.2.4/bin/x-pack
$./setup-passwords interactive

         3.Set up elastic search configuration file


$vim ~/elasticsearch-6.2.4/config/elasticsearch.yml

         Add the following three lines


http.cors.enabled: true
http.cors.allow-origin: '*'
http.cors.allow-headers: Authorization,X-Requested-With,Content-Length,Content-Type

         4.restart elastic search


now we can use username password to visit


curl http://127.0.0.1:9200 -u [username]:[password]

> use nginx to authentication




In this way, the request is sent to nginx, which forwards it to elastic search. Configure HTTP basic authentication in nginx, and the request must be able to pass nginx's basic authentication, otherwise the elastic search cannot be accessed.

It's very simple.Elastic search does not require authentication, so it works with all versions of elastic search, and it is free.

steps



  1.  config nginx auth_basic
    open nginx.conf
    $vi ~/nginx/conf/nginx.conf​

    set upstream and  turn on auth_basic
    http {

    upstream esservice{
    server 127.0.0.1:9200;
    }

    server {
    listen 8080;

    auth_basic "Elasticsearch Login";
    auth_basic_user_file passwords; //this is a file

    location / {
    proxy_pass http://esservice;
    proxy_redirect off;
    }
    }

    }

    use openssl set password
    $ printf "username:$(openssl passwd -crypt password)\n" > passwords​


  2. run nginx
    $ nginx -p $PWD/nginx/ -c $PWD/nginx_http_auth_basic.conf​


  3. close port 9200 external access

  4. use username password to access elastic search
    $ curl -i -X POST username:password@localhost:8080/_cluster/nodes/​

     

    now the authentication is work.


 

The above two methods are what I tried in the project. Finally, I chose to use nginx's basic authentication, because our project happened to use nginx, and our ES version was too low.

Hope the above content can help you. thanks for your read.
Labels in this area