-
Notifications
You must be signed in to change notification settings - Fork 0
Coding Notes
Gully Burns edited this page Jul 10, 2017
·
3 revisions
Note that this configuration leaves our Elastic Search installation vulnerable to tampering if we open port 9200 to the world. Anyone can issue a DELETE or UPDATE command via the web which would mess up our data. We therefore set up an nginx server to act as a proxy and block access to DELETE and UPDATE (as described in this post): http://stackoverflow.com/questions/14115475/easy-way-to-make-an-elasticsearch-server-read-only Here is a copy of the configuration file for NGINX from the stackoverflow link above:
Run me with:
#
# $ nginx -c path/to/this/file
#
# All requests except GET are denied.
worker_processes 1;
pid nginx.pid;
events {
worker_connections 1024;
}
http {
server {
listen 8080;
server_name search.example.com;
error_log elasticsearch-errors.log;
access_log elasticsearch.log;
location / {
if ($request_method !~ "GET") {
return 403;
break;
}
proxy_pass http://localhost:9200;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
}
}
}
Here are instructions to install nginx:
Here are instructions to run nginx from the command line.