Instantly share code, notes, and snippets.

Embed
What would you like to do?
Route requests to ElasticSearch to authenticated user's own index with an Nginx reverse-proxy
# Run me with:
#
# $ nginx -p /path/to/this/file/ -c nginx.conf
#
# All requests are then routed to authenticated user's index, so
#
# GET http://user:password@localhost:8080/_search?q=*
#
# is rewritten to:
#
# GET http://localhost:9200/user/_search?q=*
worker_processes 1;
pid nginx.pid;
events {
worker_connections 1024;
}
http {
server {
listen 8080;
server_name search.example.com;
error_log elasticsearch-errors.log;
access_log elasticsearch.log;
location / {
# Deny access to Cluster API
if ($request_filename ~ "_cluster") {
return 403;
break;
}
# Pass requests to ElasticSearch
proxy_pass http://localhost:9200;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
# Authorize access
auth_basic "ElasticSearch";
auth_basic_user_file passwords;
# Route all requests to authorized user's own index
rewrite ^(.*)$ /$remote_user$1 break;
rewrite_log on;
return 403;
}
}
}
@rdetert

This comment has been minimized.

rdetert commented Oct 12, 2013

How are we supposed to configure Tire using this proxy method?
Right now I have this in an initializer but it doesn't work.

require 'tire'
Tire.configure do
url 'http://myuser:pass@mydomain.com:8080'
end

I'm getting this error:
'No handler found for uri [/myuser/twitter/tweet/52184af1f277f97d4f000007] and method [POST]'

@micahasmith

This comment has been minimized.

micahasmith commented Mar 14, 2014

I didnt notice initially that this was to reroute to a user's index.

IF you are attempting to use this script as a generic rewrite and you're getting HTTP 500s then it'd be wise to change the line:

rewrite ^(.*)$ /$remote_user$1 break;

to

rewrite ^(.*)$ $1 break;

so that you grant global access, not user access. such was my case.

thanks for posting @karmi

@everm1nd

This comment has been minimized.

everm1nd commented Apr 21, 2014

@rdetert I had the same issue and figured out that there is a problem with POST requests (GET requests works fine for me). I fixed it with line proxy_http_version 1.1; at top of proxy block.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment