Elasticssearch的HTTP基本认证实现有两种方案: x-pack和nginx反向代理. 前者收费, 后者不太适合生产使用. 如果仅仅是开发测试, 第二种完全足够.

创建密码

1
htpasswd -bc ./passwd [username] [password]

Docker compose

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
version: '3'
services:
elasticsearch:
image: elasticsearch:5.5.2
container_name: elasticsearch
restart: unless-stopped
volumes:
- /tmp/elasticsearch:/usr/share/elasticsearch/data
nginx:
image: nginx:latest
container_name: elasticsearch-proxy
ports:
- 9200:9200
links:
- elasticsearch
volumes:
- ./passwd:/etc/nginx/.passwd
- ./default.conf:/etc/nginx/conf.d/default.conf

nginx配置文件

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
upstream es {
server elasticsearch:9200;
keepalive 15;
}

server {

listen 9200;
server_name localhost;
access_log /dev/stdout;
error_log /dev/stdout;

location / {
auth_basic "Administrator’s Area";
auth_basic_user_file /etc/nginx/.passwd;
proxy_http_version 1.1;
proxy_set_header Connection "Keep-Alive";
proxy_set_header Proxy-Connection "Keep-Alive";
proxy_pass http://es;
}

location /health {
access_log off;
return 200 "healthy\n";
}

#error_page 404 /404.html;

# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}

# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}

# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}

# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}