Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
NGINX Reverse Proxy Authentication For Elasticsearch
# Run me with:
# $ nginx -p /path/to/this/file/ -c nginx.conf
# All requests are then routed to authenticated user's index, so
# GET http://user:password@localhost/_search?q=*
# is rewritten to:
# GET http://localhost:9200/_search?q=*
worker_processes 1;
events {
worker_connections 1024;
http {
server {
listen 80;
error_log elasticsearch-errors.log;
access_log elasticsearch.log;
location / {
# Deny access to Cluster API
if ($request_filename ~ "_cluster") {
return 403;
# Pass requests to ElasticSearch
proxy_pass http://localhost:9200;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
# Authorize access
auth_basic "ElasticSearch";
auth_basic_user_file passwords;
# Route all requests to the root index
rewrite ^(.*)$ $1 break;
rewrite_log on;
return 403;
Copy link

Hi , does auth_basic "ElasticSearch" means cluster_name of our elastic cluster

Copy link

colkito commented Aug 23, 2019

the auth_basic directive is to turn on authentication and to choose a realm name to be displayed to the user when prompting for credentials.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment