Coding Notes

Gully Burns edited this page Jul 10, 2017 · 3 revisions

nginx

Note that this configuration leaves our Elasticsearch installation vulnerable to tampering if we open port 9200 to the world: anyone can issue a DELETE or UPDATE command via the web, which would mess up our data. We therefore set up an nginx server to act as a proxy and block access to DELETE and UPDATE, as described in this post: http://stackoverflow.com/questions/14115475/easy-way-to-make-an-elasticsearch-server-read-only

Here is a copy of the configuration file for nginx from the Stack Overflow link above:

# Run me with:
#
#     $ nginx -c path/to/this/file
#
# All requests except GET are denied.

worker_processes  1;
pid               nginx.pid;

events {
    worker_connections  1024;
}

http {

  server {

    listen       8080;
    server_name  search.example.com;

    error_log   elasticsearch-errors.log;
    access_log  elasticsearch.log;

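    location / {
      # Allow only the exact method GET. The pattern is anchored because an
      # unanchored "GET" also matches any method name that contains "GET".
      if ($request_method !~ "^GET$") {
        return 403;
      }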

      proxy_pass http://localhost:9200;
      proxy_redirect off;

      proxy_set_header  X-Real-IP  $remote_addr;
      proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header  Host $http_host;
    }

  }

}
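
One way to confirm from another host that the proxy enforces this policy and that port 9200 is not reachable directly. This is an added example, not part of the original page or the Stack Overflow answer; the function names, the probe path and the host names in the usage line are assumptions.

```bash
#!/bin/sh
# Added example, not from the original page. Function names, the probe path and
# the host names in the usage line are assumptions made for illustration.

# Print the HTTP status for METHOD ($1) on URL ($2); curl prints 000 when the
# connection fails or times out.
http_status() {
  curl -s -o /dev/null -m 5 -w '%{http_code}' -X "$1" "$2" || true
}

# audit_proxy PROXY_URL [DIRECT_ES_URL]
# Returns 0 only if the proxy answers 403 to write methods, still serves GET,
# and (when given) the direct Elasticsearch URL cannot be reached at all.
audit_proxy() {
  base="${1%/}"
  direct="${2:-}"
  # Elasticsearch index names may not start with "_", so this probe cannot
  # create or delete real data even if a request slips through the proxy.
  probe="$base/_proxy_audit_probe"
  failures=0
  for method in POST PUT DELETE PATCH; do
    code="$(http_status "$method" "$probe")"
    if [ "$code" = "403" ]; then
      echo "ok    $method -> 403"
    else
      echo "FAIL  $method -> $code (expected 403)"
      failures=$((failures + 1))
    fi
  done
  code="$(http_status GET "$base/")"
  if [ "$code" = "200" ]; then
    echo "ok    GET -> 200"
  else
    echo "FAIL  GET -> $code (expected 200)"
    failures=$((failures + 1))
  fi
  if [ -n "$direct" ]; then
    code="$(http_status GET "${direct%/}/")"
    if [ "$code" = "000" ]; then
      echo "ok    direct backend unreachable"
    else
      echo "FAIL  direct backend answered $code; port 9200 is exposed"
      failures=$((failures + 1))
    fi
  fi
  [ "$failures" -eq 0 ]
}

# Usage: sh audit.sh http://search.example.com:8080 http://search.example.com:9200
if [ "$#" -ge 1 ]; then audit_proxy "$@"; fi
```

Run it from a machine outside the server's network, since a check made on the server itself will always be able to reach localhost:9200.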

Here are instructions to install nginx:

Here are instructions to run nginx from the command line.