Coding Notes

Gully Burns edited this page Jul 10, 2017 · 3 revisions

nginx

Note that this configuration leaves our Elasticsearch installation vulnerable to tampering if we open port 9200 to the world. Anyone can issue a DELETE or UPDATE command via the web, which would mess up our data. We therefore set up an nginx server to act as a proxy and block access to DELETE and UPDATE, as described in this post: http://stackoverflow.com/questions/14115475/easy-way-to-make-an-elasticsearch-server-read-only

Here is a copy of the configuration file for nginx from the Stack Overflow link above:

```nginx
# Run me with:
#
#     $ nginx -c path/to/this/file
#
# All requests except GET are denied.

worker_processes  1;
pid               nginx.pid;

events {
    worker_connections  1024;
}

http {

  server {

    listen       8080;
    server_name  search.example.com;

    error_log   elasticsearch-errors.log;
    access_log  elasticsearch.log;

    location / {
      if ($request_method !~ "GET") {
        return 403;
        break;
      }

      proxy_pass http://localhost:9200;
      proxy_redirect off;

      proxy_set_header  X-Real-IP  $remote_addr;
      proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header  Host $http_host;
    }

  }

}
```

Here are instructions to install nginx: https://www.nginx.com/resources/wiki/start/topics/tutorials/install/

Here are instructions to run nginx from the command line: https://www.nginx.com/resources/wiki/start/topics/tutorials/commandline/
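To confirm that the running proxy does what the configuration comment says ("All requests except GET are denied"), the script below sends one request per method and checks the status codes. It is an added example, not part of the original wiki page or the Stack Overflow answer; the function names and the throwaway index name `readonly-proxy-check` are assumptions, and the proxy is assumed to listen on port 8080 as configured above.

```shell
#!/bin/sh
# Added example: check that the proxy passes GET and answers 403 to writes.
# Assumed names: status_for, check_read_only, index "readonly-proxy-check".

# Print the HTTP status for METHOD on URL ("000" when nothing answers).
status_for() {
    curl -s -o /dev/null -m 5 -X "$1" -w '%{http_code}' "$2" || true
}

# Return 0 only if GET is proxied and every write method gets 403.
check_read_only() {
    base=$1
    failures=0

    code=$(status_for GET "$base/")
    if [ "$code" = "403" ] || [ "$code" = "000" ] || [ -z "$code" ]; then
        echo "FAIL GET -> $code (reads should reach Elasticsearch)"
        failures=$((failures + 1))
    else
        echo "ok   GET -> $code"
    fi

    # No request body is sent and the path names a throwaway index, so a
    # request that slips past a broken proxy can at worst create or delete
    # that empty index, not existing data.
    for method in POST PUT DELETE PATCH; do
        code=$(status_for "$method" "$base/readonly-proxy-check")
        if [ "$code" = "403" ]; then
            echo "ok   $method -> 403"
        else
            echo "FAIL $method -> $code (expected 403)"
            failures=$((failures + 1))
        fi
    done

    [ "$failures" -eq 0 ]
}

# Usage: sh check_proxy.sh http://localhost:8080
if [ "$#" -gt 0 ]; then
    check_read_only "$1"
fi
```

The proxy only protects the data if port 9200 itself is not reachable from outside; otherwise clients can bypass nginx and talk to Elasticsearch directly.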