Last active
December 17, 2015 12:09
I run ElasticSearch on the same box as my Apache webserver (one single VPS). I authenticate every request to ElasticSearch.
1. Drop all incoming connections to ElasticSearch on port 9200:
iptables -A INPUT -j DROP -p tcp --destination-port 9200 -i eth0
2. Persist this change on reboot:
iptables-save > /root/my_iptables_config
/sbin/iptables-restore < /root/my_iptables_config
3. Create a directory in your web application (I usually name mine /_es) and add an .htaccess file.
This will pass authenticated requests to ElasticSearch as usual, e.g. http://mydomain.com/_es/{path}
# no whitespace is allowed after the comma in Order
Order deny,allow
Deny from all
# first check user/pass
AuthUserFile /var/www/mydomain.com/www/_es/.htpasswd
AuthType Basic
AuthName "Log In"
Require valid-user
# if not, check my own IP
# useful for development to bypass authentication. Remove in production.
Allow from 82.1.152.153
# Satisfy Any: either a valid login or the allowed IP is enough
Satisfy Any
<IfModule mod_rewrite.c>
RewriteEngine On
# proxy the request to the local ElasticSearch; the [P] flag needs mod_proxy and mod_proxy_http
RewriteRule ^(.+) http://127.0.0.1:9200/$1 [P]
</IfModule>
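
Step 1 appends the DROP rule with -A, so it only takes effect if no earlier INPUT rule already accepts the traffic. The check below is an added example, not part of the original gist: it reads `iptables-save` output and reports whether a new connection to port 9200 on eth0 is dropped. The function name es_port_verdict is made up for this example.

```sh
#!/bin/sh
# Added example, not part of the original gist.
# Reads `iptables-save` output on stdin and prints what happens to a new TCP
# connection arriving on eth0 for port 9200 (interface and port as in step 1):
#   blocked - the first unconditional matching rule, or the policy, drops it
#   exposed - the first unconditional matching rule, or the policy, accepts it
# ACCEPT rules with extra conditions (-s, -m state, "!" ...) are not evaluated;
# they are listed on stderr for manual review. Jumps to user-defined chains
# are not followed.
es_port_verdict() {
    awk -v port=9200 -v ifc=eth0 '
    /^\*/              { table = substr($1, 2); next }   # "*filter", "*nat", ...
    table != "filter"  { next }
    $1 == ":INPUT"     { policy = $2; next }             # ":INPUT ACCEPT [0:0]"
    $1 != "-A" || $2 != "INPUT" || decided { next }
    {
        in_if = proto = dport = target = ""; extra = 0
        for (i = 3; i <= NF; i++) {
            if      ($i == "-i")      in_if = $(++i)
            else if ($i == "-p")      proto = $(++i)
            else if ($i == "--dport") dport = $(++i)
            else if ($i == "-j")      { target = $(++i); break }  # target options follow
            else if ($i == "-m" && $(i + 1) == "tcp") i++
            else if ($i == "!")       { extra = 1; i += 2 }       # negated match
            else                      extra = 1
        }
        if (in_if != "" && in_if != ifc)   next          # e.g. loopback rules
        if (proto != "" && proto != "tcp") next
        if (dport ~ /:/) {                               # port range lo:hi
            split(dport, r, ":")
            if (port + 0 < r[1] + 0 || port + 0 > r[2] + 0) next
        } else if (dport != "" && dport != port) next
        if (target != "ACCEPT" && target != "DROP" && target != "REJECT") next
        if (extra) {
            if (target == "ACCEPT") print "review: " $0 > "/dev/stderr"
            next
        }
        verdict = (target == "ACCEPT") ? "exposed" : "blocked"
        decided = 1
    }
    END {
        # no deciding rule: the chain policy applies; anything but DROP is exposure
        if (!decided) verdict = (policy == "DROP") ? "blocked" : "exposed"
        print verdict
    }'
}
```

Run it as `iptables-save | es_port_verdict` after step 1, and again after a reboot to confirm step 2 restored the rule.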