Skip to content

Instantly share code, notes, and snippets.

Created May 23, 2011 08:16
Show Gist options
  • Save karmi/986390 to your computer and use it in GitHub Desktop.
Save karmi/986390 to your computer and use it in GitHub Desktop.
Route requests to ElasticSearch to authenticated user's own index with an Nginx reverse-proxy
# Run me with:
# $ nginx -p /path/to/this/file/ -c nginx.conf
# All requests are then routed to authenticated user's index, so
# GET http://user:password@localhost:8080/_search?q=*
# is rewritten to:
# GET http://localhost:9200/user/_search?q=*
worker_processes 1;
events {
worker_connections 1024;
http {
server {
listen 8080;
error_log elasticsearch-errors.log;
access_log elasticsearch.log;
location / {
# Deny access to Cluster API
if ($request_filename ~ "_cluster") {
return 403;
# Pass requests to ElasticSearch
proxy_pass http://localhost:9200;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
# Authorize access
auth_basic "ElasticSearch";
auth_basic_user_file passwords;
# Route all requests to authorized user's own index
rewrite ^(.*)$ /$remote_user$1 break;
rewrite_log on;
return 403;
Copy link

rdetert commented Oct 12, 2013

How are we supposed to configure Tire using this proxy method?
Right now I have this in an initializer but it doesn't work.

require 'tire'
Tire.configure do
url ''

I'm getting this error:
'No handler found for uri [/myuser/twitter/tweet/52184af1f277f97d4f000007] and method [POST]'

Copy link

I didnt notice initially that this was to reroute to a user's index.

IF you are attempting to use this script as a generic rewrite and you're getting HTTP 500s then it'd be wise to change the line:

rewrite ^(.*)$ /$remote_user$1 break;


rewrite ^(.*)$ $1 break;

so that you grant global access, not user access. such was my case.

thanks for posting @karmi

Copy link

@rdetert I had the same issue and figured out that there is a problem with POST requests (GET requests works fine for me). I fixed it with line proxy_http_version 1.1; at top of proxy block.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment