Nginx实现Elasticsearch的HTTP基本认证

Nginx实现Elasticsearch的HTTP基本认证

Elasticssearch的HTTP基本认证实现有两种方案: x-pack和nginx反向代理. 前者收费, 后者不太适合生产使用. 如果仅仅是开发测试, 第二种完全足够.

创建密码

htpasswd -bc ./passwd [username] [password]

Docker compose

version: '3'
services:
  elasticsearch:
    image: elasticsearch:5.5.2
    container_name: elasticsearch
    restart: unless-stopped
    volumes:
      - /tmp/elasticsearch:/usr/share/elasticsearch/data
  nginx:
    image: nginx:latest
    container_name: elasticsearch-proxy
    ports:
      - 9200:9200
    links:
      - elasticsearch
    volumes:
      - ./passwd:/etc/nginx/.passwd
      - ./default.conf:/etc/nginx/conf.d/default.conf

nginx配置文件

upstream es {
	server elasticsearch:9200;
	keepalive 15;
}

server {

    listen       9200;
    server_name  localhost;
    access_log /dev/stdout;
    error_log /dev/stdout;

    location / {
            auth_basic           "Administrator’s Area";
            auth_basic_user_file /etc/nginx/.passwd;
            proxy_http_version 1.1;
		      proxy_set_header Connection "Keep-Alive";
		      proxy_set_header Proxy-Connection "Keep-Alive";
            proxy_pass http://es;
        }

	location /health {
            access_log off;
            return 200 "healthy\n";
        }

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }

        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        #    proxy_pass   http://127.0.0.1;
        #}

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        #location ~ \.php$ {
        #    root           html;
        #    fastcgi_pass   127.0.0.1:9000;
        #    fastcgi_index  index.php;
        #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
        #    include        fastcgi_params;
        #}

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #    deny  all;
        #}
    }

(转载本站文章请注明作者和出处乱世浮生,请勿用于任何商业用途)

comments powered by Disqus