Basic Authentication of ES without X-Pack


(SML) #1

I was told that it is possible to do basic authentication of ElasticSearch without installing X-Pack, but I don’t see an option for it. Can you let me know how I can set it up with a simple u/p combo?

Thanks!


(Shane Connelly) #2

X-Pack is the only official and recommended way to secure your Elasticsearch cluster. Occasionally we see people set up a reverse proxy external to Elasticsearch with username/password authentication, but that does only provide edge security (and nothing else really).


(SML) #3

Right so I was right then? Someone on the Elastic Team told me otherwise and I wonder why…

Or… it could be Kibana perhaps? Can you setup Kibana with basic authentication without x-pack?


(Shane Connelly) #4

Kibana doesn't have any built in authentication either. X-Pack provides that.

On https://www.elastic.co/subscriptions we outline what comes with each subscription level. You can have a look at the "Open Source" vs the Gold/Platinum columns and see that native authentication, encrypted communications, and role based access control are in X-Pack rather than open source.


(Dan Markhasin) #5

Using NGINX as a reverse proxy is a common practice for securing ElasticSearch with basic authentication, though it is difficult to achieve higher granularity than that (while you can construct a configuration that would limit access to specific URL patterns with specific HTTP methods to specific groups, it's not scalable and hard to maintain).


(system) #6

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.