Elasticssearch的HTTP基本认证实现有两种方案: x-pack和nginx反向代理. 前者收费, 后者不太适合生产使用. 如果仅仅是开发测试, 第二种完全足够.

创建密码

1
htpasswd -bc ./passwd [username] [password]

Docker compose

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
version: '3'
services:
  elasticsearch:
    image: elasticsearch:5.5.2
    container_name: elasticsearch
    restart: unless-stopped
    volumes:
      - /tmp/elasticsearch:/usr/share/elasticsearch/data
  nginx:
    image: nginx:latest
    container_name: elasticsearch-proxy
    ports:
      - 9200:9200
    links:
      - elasticsearch
    volumes:
      - ./passwd:/etc/nginx/.passwd
      - ./default.conf:/etc/nginx/conf.d/default.conf

nginx配置文件

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
upstream es {
	server elasticsearch:9200;
	keepalive 15;
}

server {

    listen       9200;
    server_name  localhost;
    access_log /dev/stdout;
    error_log /dev/stdout;

    location / {
            auth_basic           "Administrator’s Area";
            auth_basic_user_file /etc/nginx/.passwd;
            proxy_http_version 1.1;
		      proxy_set_header Connection "Keep-Alive";
		      proxy_set_header Proxy-Connection "Keep-Alive";
            proxy_pass http://es;
        }

	location /health {
            access_log off;
            return 200 "healthy\n";
        }

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }

        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        #    proxy_pass   http://127.0.0.1;
        #}

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        #location ~ \.php$ {
        #    root           html;
        #    fastcgi_pass   127.0.0.1:9000;
        #    fastcgi_index  index.php;
        #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
        #    include        fastcgi_params;
        #}

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #    deny  all;
        #}
    }