I was told that it is possible to do basic authentication of ElasticSearch without installing X-Pack, but I don’t see an option for it. Can you let me know how I can set it up with a simple u/p combo?
Thanks!
I was told that it is possible to do basic authentication of ElasticSearch without installing X-Pack, but I don’t see an option for it. Can you let me know how I can set it up with a simple u/p combo?
Thanks!
X-Pack is the only official and recommended way to secure your Elasticsearch cluster. Occasionally we see people set up a reverse proxy external to Elasticsearch with username/password authentication, but that does only provide edge security (and nothing else really).
Right so I was right then? Someone on the Elastic Team told me otherwise and I wonder why…
Or… it could be Kibana perhaps? Can you setup Kibana with basic authentication without x-pack?
Kibana doesn't have any built in authentication either. X-Pack provides that.
On https://www.elastic.co/subscriptions we outline what comes with each subscription level. You can have a look at the "Open Source" vs the Gold/Platinum columns and see that native authentication, encrypted communications, and role based access control are in X-Pack rather than open source.
Using NGINX as a reverse proxy is a common practice for securing ElasticSearch with basic authentication, though it is difficult to achieve higher granularity than that (while you can construct a configuration that would limit access to specific URL patterns with specific HTTP methods to specific groups, it's not scalable and hard to maintain).
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.