Skip to content

Instantly share code, notes, and snippets.

@thelebster

thelebster/drupal-access-aws-vpc-based-elasticsearch-cluster-locally.md

Last active November 14, 2021 08:05
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save thelebster/4b3d78f27d848e99fddb899da7b942eb to your computer and use it in GitHub Desktop.
Save thelebster/4b3d78f27d848e99fddb899da7b942eb to your computer and use it in GitHub Desktop.
Download ZIP
Allow insecure connections to the AWS VPC-based Elasticsearch cluster in Drupal 8/9 during local development
Raw
drupal-access-aws-vpc-based-elasticsearch-cluster-locally.md

Allow insecure connections to the AWS VPC-based Elasticsearch cluster in Drupal 8/9 during local development

Wanted to be able to debug some Elasticsearch-related issues or cases within the production environment. To make this work, you need to ignore the invalid SSL certificate and adjust the Elasticsearch cluster index name, that usually tied to the database name.

Make Elasticsearch cluster accessible locally

Suppose you already have an EC2 instance running in the same VPC as your Elasticsearch cluster and that instance security group allows access to the Elasticsearch cluster.

  1. Create an entry in your SSH config file (~/.ssh/config):
# Elasticsearch tunnel
Host estunnel
  HostName 18.43.68.38 # EC2 instance public IP address
  User ec2-user
  IdentityFile ~/.ssh/PRIVATE-KEY.pem
  LocalForward 9200 vpc-ES-DOMAIN-NAME-identifier.REGION.es.amazonaws.com:443
  1. Run ssh -N estunnel from the command line and try to open https://localhost:9200 in the browser (ignore the invalid SSL certificate).

Drupal configuration

  1. Using hook hook_elasticsearch_connector_load_library_options_alter modify the connector library options to disable SSL certificate verification for local environment:
function example_module_elasticsearch_connector_load_library_options_alter(&$options, &$cluster) {
  $env = \Drupal\Core\Site\Settings::get('drupal_env');
  if ($env === 'local') {
    // Disable SSL certificate verification.
    $options['curl'][CURLOPT_SSL_VERIFYPEER] = FALSE;
    $options['curl'][CURLOPT_SSL_VERIFYHOST] = FALSE;
  }
}

  1. To make this work for local environment, add $settings['drupal_env'] = 'local'; line to the settings.local.php file.

  2. Override elasticsearch_connector module configuration using setting.local.php:

$config['elasticsearch_connector.cluster.aws']['url'] = 'https://127.0.0.1:9200';
// Comment out the lines below if you don't need to overwrite the cluster index name.
$config['elasticsearch_connector.cluster.aws']['options']['rewrite']['rewrite_index'] = true;
$config['elasticsearch_connector.cluster.aws']['options']['rewrite']['index']['prefix'] = 'elasticsearch_index_INDEX_NAME';
$config['elasticsearch_connector.cluster.aws']['options']['rewrite']['index']['suffix'] = '';

References

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment