Created
May 23, 2011 08:16
-
-
Save karmi/986390 to your computer and use it in GitHub Desktop.
Route requests to ElasticSearch to authenticated user's own index with an Nginx reverse-proxy
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Run me with: | |
| # | |
| # $ nginx -p /path/to/this/file/ -c nginx.conf | |
| # | |
| # All requests are then routed to authenticated user's index, so | |
| # | |
| # GET http://user:password@localhost:8080/_search?q=* | |
| # | |
| # is rewritten to: | |
| # | |
| # GET http://localhost:9200/user/_search?q=* | |
| worker_processes 1; | |
| pid nginx.pid; | |
| events { | |
| worker_connections 1024; | |
| } | |
| http { | |
| server { | |
| listen 8080; | |
| server_name search.example.com; | |
| error_log elasticsearch-errors.log; | |
| access_log elasticsearch.log; | |
| location / { | |
| # Deny access to Cluster API | |
| if ($request_filename ~ "_cluster") { | |
| return 403; | |
| break; | |
| } | |
| # Pass requests to ElasticSearch | |
| proxy_pass http://localhost:9200; | |
| proxy_redirect off; | |
| proxy_set_header X-Real-IP $remote_addr; | |
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
| proxy_set_header Host $http_host; | |
| # Authorize access | |
| auth_basic "ElasticSearch"; | |
| auth_basic_user_file passwords; | |
| # Route all requests to authorized user's own index | |
| rewrite ^(.*)$ /$remote_user$1 break; | |
| rewrite_log on; | |
| return 403; | |
| } | |
| } | |
| } |
I didnt notice initially that this was to reroute to a user's index.
IF you are attempting to use this script as a generic rewrite and you're getting HTTP 500s then it'd be wise to change the line:
rewrite ^(.*)$ /$remote_user$1 break;
to
rewrite ^(.*)$ $1 break;
so that you grant global access, not user access. such was my case.
thanks for posting @karmi
@rdetert I had the same issue and figured out that there is a problem with POST requests (GET requests works fine for me). I fixed it with line proxy_http_version 1.1; at top of proxy block.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
How are we supposed to configure Tire using this proxy method?
Right now I have this in an initializer but it doesn't work.
require 'tire'
Tire.configure do
url 'http://myuser:pass@mydomain.com:8080'
end
I'm getting this error:
'No handler found for uri [/myuser/twitter/tweet/52184af1f277f97d4f000007] and method [POST]'