easy way to make an elasticsearch server read-only

前端未结

关注

 7  2036

日久生厌 2021-02-02 13:03

It\'s really easy to just upload a bunch of json data to an elasticsearch server to have a basic query api, with lots of options

I\'d just like to know if there\'s and e

7条回答

梦谈多话 (楼主)

2021-02-02 13:23

I know it's an old topic. I encountered the same problem, put ES behind Nginx in order to make it read only but allow kibana to access it.

The only request from ES that Kibana needs in my case is "url_public/_all/_search".

So I allowed it into my Nginx conf.

Here my conf file :

server {

    listen port_es;
    server_name ip_es;

    rewrite ^/(.*) /$1 break;
    proxy_ignore_client_abort on;
    proxy_redirect url_es url_public;
    proxy_set_header  X-Real-IP  $remote_addr;
    proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header  Host $http_host;

    location ~ ^/(_all/_search) {
        limit_except GET POST OPTIONS {
                deny  all;
        }
        proxy_pass url_es;
    }

    location / {

        limit_except GET {
                deny  all;
        }
        proxy_pass url_es;
    }
}

So only GET request are allowed unless the request is _all/_search. It is simple to add other request if needed.

0 讨论(0)

查看其它7个回答