Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Allow insecure connections to the AWS VPC-based Elasticsearch cluster in Drupal 8/9 during local development

Allow insecure connections to the AWS VPC-based Elasticsearch cluster in Drupal 8/9 during local development

Wanted to be able to debug some Elasticsearch-related issues or cases within the production environment. To make this work, you need to ignore the invalid SSL certificate and adjust the Elasticsearch cluster index name, that usually tied to the database name.

Make Elasticsearch cluster accessible locally

Suppose you already have an EC2 instance running in the same VPC as your Elasticsearch cluster and that instance security group allows access to the Elasticsearch cluster.

  1. Create an entry in your SSH config file (~/.ssh/config):
# Elasticsearch tunnel
Host estunnel
  HostName 18.43.68.38 # EC2 instance public IP address
  User ec2-user
  IdentityFile ~/.ssh/PRIVATE-KEY.pem
  LocalForward 9200 vpc-ES-DOMAIN-NAME-identifier.REGION.es.amazonaws.com:443
  1. Run ssh -N estunnel from the command line and try to open https://localhost:9200 in the browser (ignore the invalid SSL certificate).

Drupal configuration

  1. Using hook hook_elasticsearch_connector_load_library_options_alter modify the connector library options to disable SSL certificate verification for local environment:
function example_module_elasticsearch_connector_load_library_options_alter(&$options, &$cluster) {
  $env = \Drupal\Core\Site\Settings::get('drupal_env');
  if ($env === 'local') {
    // Disable SSL certificate verification.
    $options['curl'][CURLOPT_SSL_VERIFYPEER] = FALSE;
    $options['curl'][CURLOPT_SSL_VERIFYHOST] = FALSE;
  }
}
  1. To make this work for local environment, add $settings['drupal_env'] = 'local'; line to the settings.local.php file.

  2. Override elasticsearch_connector module configuration using setting.local.php:

$config['elasticsearch_connector.cluster.aws']['url'] = 'https://127.0.0.1:9200';
// Comment out the lines below if you don't need to overwrite the cluster index name.
$config['elasticsearch_connector.cluster.aws']['options']['rewrite']['rewrite_index'] = true;
$config['elasticsearch_connector.cluster.aws']['options']['rewrite']['index']['prefix'] = 'elasticsearch_index_INDEX_NAME';
$config['elasticsearch_connector.cluster.aws']['options']['rewrite']['index']['suffix'] = '';

References

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment