ElasticSearch HTTP Authentication via Nginx

In the Elasticsearch settings file, if you set the

network.host:0.0.0.0

Indicates that the Elasticsearch service is exposed to any IP that can access the Elasticsearch service. This is certainly not safe.

We can do the login verification for Elasticsearch by installing X-pack, but this is a fee that can only be used for free for 30 days.

Another way is that we often use the Nginx reverse proxy service and use the Http-basic module to do HTTP authentication.

Under nginx Add configuration file content as follows

#upstream dev.es.daojia.com.cn {#//If you have more than one server, you can configure upstream polling here#}server{server_name dev.es.xxx.com.cn; Location/{proxy_http_version1.1; Proxy_set_header Connection"";            Proxy_set_header Host $host; Proxy_set_header X-real-IP $remote _addr; Proxy_set_header X-forwarded-For $proxy _add_x_forwarded_for; Auth_basic"Login"; Auth_basic_user_file/etc/nginx/conf.d/htpasswd;            AutoIndex on; Proxy_pass http://127.0.0.1:9200;} access_log/data/logs/nginx/Dev.es.xxx.com.cn.access.log Main; Error_log/data/logs/nginx/nginx-Error.log;}

Proxy_pass represents the proxy target

Auth_basic_user_file says
Using HTTP://WWW.MATOOLS.COM/HTPASSWD to generate Crypt (all Unix servers) a password in a secret form

You can see that the user named plaintext password is encrypted: delimited

Copy it to the directory file that we set up.

Then modify the configuration of the Elasticsearch network.host

If Nginx and Elasticsearch on the same server can be set to

network.host:127.0.0.1

If you are not on the same machine, set the Network.host option to the IP of the Nginx server.

Then restart Nginx and ElasticSearch

Then we are unable to access the ElasticSearch via IP plus port.

In the Enter the domain name of our configuration to see

Enter your account es123 and password to es123.

ElasticSearch HTTP Authentication via Nginx