
Elasticsearch adds HTTP basic authentication

Elasticsearch's HTTP interface provides no access control of its own, so once a node is deployed on the public network there is a risk of data leakage. Friendly front ends such as elasticsearch-head in particular put all of your data on display at a glance. Adding simple HTTP authentication in front of it is therefore urgent. The elasticsearch-http-basic plugin adds an IP whitelist, password authentication, and trusted-proxy support to ES HTTP connections.

elasticsearch-http-basic does not yet support the standard ES installation method, bin/plugin install [github-name]/[repo-name], but the author provides a precompiled jar package, so there is no need to download the source code and compile it. The latest version on GitHub corresponds to ES 1.4.0, but it has been verified to work with 1.5.2 as well.

The plugin installation steps are as follows:

  • Download the jar package for the corresponding version from elasticsearch-http-basic
  • mkdir -p plugins/http-basic; mv elasticsearch-http-basic-x.x.x.jar plugins/http-basic (note the folder name)
  • Restart the ES process
  • Verify that the plugin is loaded: curl localhost:9200/_nodes/[your-node-name]/plugins?pretty=true (if the plugins list contains http-basic-server-plugin, the plugin is working)

Like other ES plugins, elasticsearch-http-basic is configured centrally in config/elasticsearch.yml:


http.basic.enabled: true  # switch; when enabled, the plugin takes over all HTTP connections
http.basic.log: false     # write unauthorized access events to the ES log
http.basic.user: "loguser"     # username
http.basic.password: "logpwd"  # password
http.basic.ipwhitelist: ["172.16.18.171","172.16.18.114"] # whitelisted IPs can connect without a username and password; IPs and hostnames are supported, IP ranges and regular expressions are not
http.basic.xforward: "X-Forwarded-For" # name of the header field that records the proxy path
http.basic.trusted_proxy_chains: ["172.16.18.114"] # list of trusted proxies
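
An added example, not code from the original post or from the plugin: a small Python audit of the http.basic.* settings shown above that flags disabled logging, the tutorial's sample password, and whitelist entries written as ranges or patterns, which the whitelist does not support. The SAMPLE values, the function names, and the rule that a forwarded-for header should come with a trusted proxy list are assumptions of this example.

```python
import ipaddress
import json
import re

SAMPLE = """# Constructed sample, not a real deployment; keys are those shown above
http.basic.enabled: true
http.basic.log: false
http.basic.password: "logpwd"
http.basic.ipwhitelist: ["172.16.18.171", "172.16.18.0/24", "172.16.18.1-20"]
http.basic.xforward: "X-Forwarded-For"
http.basic.trusted_proxy_chains: []
"""

def parse(text):
    """Read flat `http.basic.key: value  # comment` lines; values parsed as JSON if possible."""
    settings = {}
    for line in text.splitlines():
        line = re.sub(r"\s+#.*$", "", line).strip()  # drop trailing comments
        if not line.startswith("http.basic."):
            continue
        key, _, raw = line[len("http.basic."):].partition(":")
        try:
            settings[key.strip()] = json.loads(raw.strip())
        except ValueError:
            settings[key.strip()] = raw.strip()  # unquoted string value
    return settings

def is_host_or_ip(entry):
    """True for one IP or a hostname; False for CIDR, dash ranges, wildcards, regex."""
    try:
        ipaddress.ip_address(entry)
        return True
    except ValueError:
        return re.fullmatch(r"(?=.*[A-Za-z])[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?", entry) is not None

def audit(settings, sample_password="logpwd"):
    """Return review findings; the policy choices are this example's assumptions."""
    findings = []
    if settings.get("enabled") is not True:
        findings.append("enabled: the plugin is not taking over HTTP connections")
    if settings.get("log") is not True:
        findings.append("log: unauthorized access events are not written to the ES log")
    if settings.get("password") in (None, "", sample_password):
        findings.append("password: missing, empty, or still the tutorial's sample value")
    for entry in settings.get("ipwhitelist", []):  # expected to be a list of strings
        if not is_host_or_ip(str(entry)):
            findings.append(f"ipwhitelist: {entry!r} is a range or pattern, which is not supported")
    if settings.get("xforward") and not settings.get("trusted_proxy_chains"):
        findings.append("xforward: header name is set but no trusted proxy chain is listed")
    return findings
```

Calling audit(parse(open("config/elasticsearch.yml").read())) returns a list of findings, which is empty when none of the checks fire.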


Test:
# Without a username and password, access is denied
>>> curl http://[your-node-name]:[your-port]/[your-index]/_count?pretty=true
Authentication Required
# With the username and password passed via the --user option, normal data is returned
>>> curl --user [your-admin]:[your-password] http://[your-node-name]:[your-port]/[your-index]/_count?pretty=true
{
  "count" : xxx,
  "_shards" : {
    "total" : xxx,
    "successful" : xxx,
    "failed" : 0
  }
}
After HTTP basic authentication is added, elasticsearch-head will likewise pop up a dialog asking you to authenticate first.

 

 

Copyright notice
This article was written by [HLee]. Please include a link to the original when reposting. Thanks.
