How to connect Elasticsearch over HTTPS with Nginx as a reverse proxy server

I run Elasticsearch 5.0 on my production server.
I use Nginx as a reverse proxy server.
My website is secured with Let's Encrypt so I need Elasticsearch to run over https like this
curl -XGET https://172.31.18.5.......... otherwise my site fails to receive data from Elasticsearch.
I've read this post for setting up basic authentication for Elasticsearch with Nginx.
The post suggests configuration as the below.

server {
    listen      80;
    server_name {{ your_search_domain }};
    rewrite     ^ https://$server_name$request_uri? permanent;
}

server {
    listen 443;
    server_name {{ your_search_domain }};
    ssl on;
    ssl_certificate     {{ ssl_dir }}/elasticsearch.crt;
    ssl_certificate_key {{ ssl_dir }}/elasticsearch.key;

   access_log {{ nginx_log_file }};
   error_log {{ nginx_error_file }};

    location / {
        rewrite ^/(.*) /$1 break;
        proxy_ignore_client_abort on;
        proxy_pass http://localhost:9200;
        proxy_redirect http://localhost:9200 http://{{ your_search_domain }}/;
        proxy_set_header  X-Real-IP  $remote_addr;
        proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header  Host $http_host;
        auth_basic "Search Authentication";
        auth_basic_user_file {{ nginx_htcontrol }};
    }
}

I have changed the parts surrounded by {{ }} but failed to run it over https.
It only accepts http like this curl -XGET http://172.31.18.5...........
Can I use the same Let's Encrypt certificate and key for ssl_certificate and ssl_certificate_key respectively?
Should proxy_pass be like proxy_pass http://172.31.18.5:9200 ?

My setups
I have only one master-eligible data node in my cluster.

I set number_of_shards to 1, and number_of_replicas to 0.

The followings are the setups for my elasticsearch.yaml.

http.cors.enabled: true
http.cors.allow-origin: /https?:\/\/localhost(:[0-9]+)?/
cluster.name: MyAppName
node.name: ${HOSTNAME}
bootstrap.memory_lock: true
network.host: 172.31.18.5
discovery.zen.minimum_master_nodes: 1
1 Like

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.