Nginx实现Elasticsearch的HTTP基本认证
Elasticssearch的HTTP基本认证实现有两种方案: x-pack和nginx反向代理. 前者收费, 后者不太适合生产使用. 如果仅仅是开发测试, 第二种完全足够.
创建密码
htpasswd -bc ./passwd [username] [password]
Docker compose
version: '3'
services:
elasticsearch:
image: elasticsearch:5.5.2
container_name: elasticsearch
restart: unless-stopped
volumes:
- /tmp/elasticsearch:/usr/share/elasticsearch/data
nginx:
image: nginx:latest
container_name: elasticsearch-proxy
ports:
- 9200:9200
links:
- elasticsearch
volumes:
- ./passwd:/etc/nginx/.passwd
- ./default.conf:/etc/nginx/conf.d/default.conf
nginx配置文件
upstream es {
server elasticsearch:9200;
keepalive 15;
}
server {
listen 9200;
server_name localhost;
access_log /dev/stdout;
error_log /dev/stdout;
location / {
auth_basic "Administrator’s Area";
auth_basic_user_file /etc/nginx/.passwd;
proxy_http_version 1.1;
proxy_set_header Connection "Keep-Alive";
proxy_set_header Proxy-Connection "Keep-Alive";
proxy_pass http://es;
}
location /health {
access_log off;
return 200 "healthy\n";
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
