Skip to Content
Technical Articles

Add authentication for Elastic search

Elastic Search is a Lucene based search server.It provides a distributed multi-user capability full-text search engine based on a RESTful web interface.

Elastic search, developed in the Java language and released as open source under the Apache license, is a popular enterprise search engine.ElasticSearch is used in cloud computing to achieve real-time search, stability, reliability, speed and ease of installation.The official client is available in Java,.net (C#), PHP, Python, Apache Groovy, Ruby, and many other languages.Elasticsearch is the most popular corporate search engine, according to db-engines’ ranking.

Elastic search does not take authentication by default because it is not designed in an open network environment. When you allow port 9200 external access, your data and cluster are not secure.

Typically elasticsearch clusters are protected by VPN, firewall and other means of restriction.But if you want to connect to elasticsearch clusters on an external network, you can only authenticate with the user’s password.

Here are two ways to add password authentication:
  • use the x-pack plug-in
  • use the Nginx

 

> use x-pack to authentication steps

         1. install x-pack

          (Only Before  Elastic search 6.3 previously required manual download of the x-pack plug-in)

$cd ~/elasticsearch-6.2.4 
$./bin/elasticsearch-plugin install x-pack

         2.set password for Elastic search、logstash、kibana

$cd ~/elasticsearch-6.2.4/bin/x-pack
$./setup-passwords interactive

         3.Set up elastic search configuration file

$vim ~/elasticsearch-6.2.4/config/elasticsearch.yml

         Add the following three lines

http.cors.enabled: true
http.cors.allow-origin: '*'
http.cors.allow-headers: Authorization,X-Requested-With,Content-Length,Content-Type

         4.restart elastic search

now we can use username password to visit

curl http://127.0.0.1:9200 -u [username]:[password]

> use nginx to authentication

In this way, the request is sent to nginx, which forwards it to elastic search. Configure HTTP basic authentication in nginx, and the request must be able to pass nginx’s basic authentication, otherwise the elastic search cannot be accessed.

It’s very simple.Elastic search does not require authentication, so it works with all versions of elastic search, and it is free.

steps

  1.  config nginx auth_basic
    open nginx.conf

    $vi ~/nginx/conf/nginx.conf​

    set upstream and  turn on auth_basic

    http {
     
      upstream esservice{
        server 127.0.0.1:9200;
      }
     
      server {
        listen 8080;
     
        auth_basic "Elasticsearch Login";
        auth_basic_user_file passwords; //this is a file
     
        location / {
          proxy_pass http://esservice;
          proxy_redirect off;
        }
      }
     
    }
    ​

    use openssl set password

    $ printf "username:$(openssl passwd -crypt password)\n" > passwords​
  2. run nginx
    $ nginx -p $PWD/nginx/ -c $PWD/nginx_http_auth_basic.conf​
  3. close port 9200 external access
  4. use username password to access elastic search
    $ curl -i -X POST username:password@localhost:8080/_cluster/nodes/​

     

    now the authentication is work.

 

The above two methods are what I tried in the project. Finally, I chose to use nginx’s basic authentication, because our project happened to use nginx, and our ES version was too low.

Hope the above content can help you. thanks for your read.

Be the first to leave a comment
You must be Logged on to comment or reply to a post.