Allow insecure connections to the AWS VPC-based Elasticsearch cluster in Drupal 8/9 during local development
Wanted to be able to debug some Elasticsearch-related issues or cases within the production environment. To make this work, you need to ignore the invalid SSL certificate and adjust the Elasticsearch cluster index name, that usually tied to the database name.
Suppose you already have an EC2 instance running in the same VPC as your Elasticsearch cluster and that instance security group allows access to the Elasticsearch cluster.
- Create an entry in your SSH config file (
~/.ssh/config
):
# Elasticsearch tunnel
Host estunnel
HostName 18.43.68.38 # EC2 instance public IP address
User ec2-user
IdentityFile ~/.ssh/PRIVATE-KEY.pem
LocalForward 9200 vpc-ES-DOMAIN-NAME-identifier.REGION.es.amazonaws.com:443
- Run
ssh -N estunnel
from the command line and try to open https://localhost:9200 in the browser (ignore the invalid SSL certificate).
- Using hook
hook_elasticsearch_connector_load_library_options_alter
modify the connector library options to disable SSL certificate verification for local environment:
function example_module_elasticsearch_connector_load_library_options_alter(&$options, &$cluster) {
$env = \Drupal\Core\Site\Settings::get('drupal_env');
if ($env === 'local') {
// Disable SSL certificate verification.
$options['curl'][CURLOPT_SSL_VERIFYPEER] = FALSE;
$options['curl'][CURLOPT_SSL_VERIFYHOST] = FALSE;
}
}
-
To make this work for local environment, add
$settings['drupal_env'] = 'local';
line to thesettings.local.php
file. -
Override elasticsearch_connector module configuration using
setting.local.php
:
$config['elasticsearch_connector.cluster.aws']['url'] = 'https://127.0.0.1:9200';
// Comment out the lines below if you don't need to overwrite the cluster index name.
$config['elasticsearch_connector.cluster.aws']['options']['rewrite']['rewrite_index'] = true;
$config['elasticsearch_connector.cluster.aws']['options']['rewrite']['index']['prefix'] = 'elasticsearch_index_INDEX_NAME';
$config['elasticsearch_connector.cluster.aws']['options']['rewrite']['index']['suffix'] = '';