Instantly share code, notes, and snippets.

Embed
What would you like to do?
NGINX Reverse Proxy Authentication For Elasticsearch
# Run me with:
#
# $ nginx -p /path/to/this/file/ -c nginx.conf
#
# All requests are then routed to authenticated user's index, so
#
# GET http://user:password@localhost/_search?q=*
#
# is rewritten to:
#
# GET http://localhost:9200/_search?q=*
worker_processes 1;
pid nginx.pid;
events {
worker_connections 1024;
}
http {
server {
listen 80;
server_name search.example.com;
error_log elasticsearch-errors.log;
access_log elasticsearch.log;
location / {
# Deny access to Cluster API
if ($request_filename ~ "_cluster") {
return 403;
break;
}
# Pass requests to ElasticSearch
proxy_pass http://localhost:9200;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
# Authorize access
auth_basic "ElasticSearch";
auth_basic_user_file passwords;
# Route all requests to the root index
rewrite ^(.*)$ $1 break;
rewrite_log on;
return 403;
}
}
}
@pankajpanwar1

This comment has been minimized.

Copy link

pankajpanwar1 commented Dec 7, 2018

Hi , does auth_basic "ElasticSearch" means cluster_name of our elastic cluster

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment