Skip to content

Instantly share code, notes, and snippets.

Show Gist options
  • Save abrudtkuhl/cfddc0e80af401120136 to your computer and use it in GitHub Desktop.
Save abrudtkuhl/cfddc0e80af401120136 to your computer and use it in GitHub Desktop.
NGINX Reverse Proxy Authentication For Elasticsearch
# Run me with:
#
# $ nginx -p /path/to/this/file/ -c nginx.conf
#
# All requests are then routed to authenticated user's index, so
#
# GET http://user:password@localhost/_search?q=*
#
# is rewritten to:
#
# GET http://localhost:9200/_search?q=*
worker_processes 1;
pid nginx.pid;
events {
worker_connections 1024;
}
http {
server {
listen 80;
server_name search.example.com;
error_log elasticsearch-errors.log;
access_log elasticsearch.log;
location / {
# Deny access to Cluster API
if ($request_filename ~ "_cluster") {
return 403;
break;
}
# Pass requests to ElasticSearch
proxy_pass http://localhost:9200;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
# Authorize access
auth_basic "ElasticSearch";
auth_basic_user_file passwords;
# Route all requests to the root index
rewrite ^(.*)$ $1 break;
rewrite_log on;
return 403;
}
}
}
@colkito
Copy link

colkito commented Aug 23, 2019

@pankajpanwar1
the auth_basic directive is to turn on authentication and to choose a realm name to be displayed to the user when prompting for credentials.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment