2

I have an Elasticsearch instance running on my server. By default it runs on port 9200 and the link is public, which means anyone can insert, update, or delete anything from anywhere. How do I make it secure, like phpMyAdmin, so that it can only be accessed with the help of my code and not directly from a browser or Postman?

3 Answers

5

Elasticsearch does not perform authentication or authorization, leaving that as an exercise for the developer. Two popular ways I have seen are:

  1. Set up your own proxy (Nginx/HAProxy) fronting Elasticsearch - this way you exercise full control. You can also use the Elasticsearch-jetty plugin to have Jetty-level auth
  2. Shield - If budget permits use Shield which is a paid offering from Elasticsearch - https://www.elastic.co/products/shield

Even with these in place, depending on who you are exposing this to - you may want to disable certain things like dynamic scripting, throttles for DoS etc.
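
The first option above, written out as an Nginx configuration (an added example, not part of the original answer). It assumes Elasticsearch is bound to loopback only (`network.host: 127.0.0.1` in `elasticsearch.yml`); the host name, file paths and rate values are placeholders.

```nginx
# Added example. Include this file from the http {} context (e.g. conf.d/).
# Assumption: Elasticsearch listens on 127.0.0.1:9200 only, so the proxy is
# the single network path to it.

# Per-client-IP request throttle (rate and zone size are placeholder values).
limit_req_zone $binary_remote_addr zone=es_clients:10m rate=10r/s;

upstream elasticsearch {
    server 127.0.0.1:9200;
    keepalive 16;
}

server {
    listen 443 ssl;
    server_name search.example.com;                             # placeholder

    ssl_certificate     /etc/nginx/tls/search.example.com.crt;  # placeholder
    ssl_certificate_key /etc/nginx/tls/search.example.com.key;  # placeholder

    # Credentials are checked against an htpasswd file before proxying.
    auth_basic           "Elasticsearch";
    auth_basic_user_file /etc/nginx/es.htpasswd;                # placeholder

    client_max_body_size 1m;

    # Search endpoints only: /<index>/_search and /<index>/<type>/_search.
    # Path segments starting with "_" (cluster and node APIs) never match.
    location ~ ^/[^/_][^/]*(/[^/_][^/]*)?/_search$ {
        limit_req zone=es_clients burst=20 nodelay;
        limit_except GET POST { deny all; }   # PUT and DELETE are refused

        proxy_pass http://elasticsearch;
        proxy_http_version 1.1;
        proxy_set_header Connection "";
    }

    # Everything else (document writes, index deletion, admin APIs) is refused.
    location / {
        return 403;
    }
}
```

The proxy filters by path and method only and does not inspect request bodies, so the Elasticsearch-side settings mentioned in the answer, such as disabling dynamic scripting, still apply.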


2 Comments

Are there any tutorials or scripts available that I can refer to?
Consider - do you have a reason to directly expose the Elasticsearch cluster? What functionality of Elasticsearch do you need to expose, and to whom? Placing a service of your own construction between the end-user and Elasticsearch is a common approach. Restrict access to Elasticsearch (firewall, localhost only, etc.) so only your service can interact with it, then let your service control security.

2

You can use the Elasticsearch basic authentication plugin - https://github.com/Asquera/elasticsearch-http-basic
The README there gives a good idea of how to set it up.

If you are using Kibana3 as a frontend to Elasticsearch, you can secure it using https://github.com/fangli/kibana-authentication-proxy


0

I have enabled a relatively simple Nginx proxy that sits between my Elasticsearch and Kibana to configure authorized access to my dashboards and charts.

Look at my post here: https://udaysagars.wordpress.com/2016/04/04/how-i-configured-authorized-access-to-kibana-dashboards/

Also, you can view my application that uses this method here: http://udaysagar2177.github.io/ec2/twitter-analytics.html
