Forked from karmi/nginx-elasticsearch-proxy.conf
Last active
August 23, 2019 01:33
-
-
Save abrudtkuhl/cfddc0e80af401120136 to your computer and use it in GitHub Desktop.
NGINX Reverse Proxy Authentication For Elasticsearch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Run me with: | |
# | |
# $ nginx -p /path/to/this/file/ -c nginx.conf | |
# | |
# All requests are then routed to authenticated user's index, so | |
# | |
# GET http://user:password@localhost/_search?q=* | |
# | |
# is rewritten to: | |
# | |
# GET http://localhost:9200/_search?q=* | |
worker_processes 1; | |
pid nginx.pid; | |
events { | |
worker_connections 1024; | |
} | |
http { | |
server { | |
listen 80; | |
server_name search.example.com; | |
error_log elasticsearch-errors.log; | |
access_log elasticsearch.log; | |
location / { | |
# Deny access to Cluster API | |
if ($request_filename ~ "_cluster") { | |
return 403; | |
break; | |
} | |
# Pass requests to ElasticSearch | |
proxy_pass http://localhost:9200; | |
proxy_redirect off; | |
proxy_set_header X-Real-IP $remote_addr; | |
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
proxy_set_header Host $http_host; | |
# Authorize access | |
auth_basic "ElasticSearch"; | |
auth_basic_user_file passwords; | |
# Route all requests to the root index | |
rewrite ^(.*)$ $1 break; | |
rewrite_log on; | |
return 403; | |
} | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
@pankajpanwar1
the
auth_basic
directive is to turn on authentication and to choose a realm name to be displayed to the user when prompting for credentials.