Last active
August 29, 2015 14:20
-
-
Save nyroDev/6b7cea0310b0cfed6134 to your computer and use it in GitHub Desktop.
ElasticSearch protected behind nginx, different protection for index (or _plugin)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#/etc/nginx/sites-availables/elasticsearch.conf | |
server { | |
# We're using the port 9292 to access elasticsearch | |
listen 9292; | |
listen [::]:9292; | |
server_name example.com; | |
expires off; | |
# Global protetion | |
auth_basic "RESTRICTED ACCESS ES"; | |
auth_basic_user_file /etc/elasticsearch/.htpasswd; | |
# Protect an index differently | |
location /other { | |
auth_basic "RESTRICTED ACCESS ES Other"; | |
# Specify an other htpasswd file for this index | |
# This is better if you incldue your global access also in this file if you want to be logged on this index too | |
auth_basic_user_file /etc/elasticsearch/.htpasswdOther; | |
# Use an other file to configure Elasticsaarch proxy in one place | |
include /etc/nginx/snippets/elasticsearch.conf; | |
} | |
location / { | |
# Use an other file to configure Elasticsaarch proxy in one place | |
include /etc/nginx/snippets/elasticsearch.conf; | |
} | |
access_log /var/log/nginx/elasticsearch/access.log; | |
error_log /var/log/nginx/elasticsearch/error.log; | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# /etc/nginx/snippets/elasticsearch.conf | |
# Pass requests to ElasticSearch | |
proxy_pass http://localhost:9200; | |
proxy_redirect off; | |
proxy_set_header X-Real-IP $remote_addr; | |
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
proxy_set_header Host $http_host; | |
proxy_pass_header Access-Control-Allow-Origin; | |
proxy_pass_header Access-Control-Allow-Methods; | |
proxy_hide_header Access-Control-Allow-Headers; | |
add_header Access-Control-Allow-Headers 'X-Requested-With, Content-Type'; | |
add_header Access-Control-Allow-Credentials true; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment