How to connect Elasticsearch over HTTPS with Nginx as a reverse proxy server

I run Elasticsearch 5.0 on my production server.
I use Nginx as a reverse proxy server.
My website is secured with Let's Encrypt so I need Elasticsearch to run over https like this
curl -XGET otherwise my site fails to receive data from Elasticsearch.
I've read this post for setting up basic authentication for Elasticsearch with Nginx.
The post suggests the configuration below.

# Plain HTTP: redirect every request to the HTTPS server block
server {
    listen      80;
    server_name {{ your_search_domain }};
    rewrite     ^ https://$server_name$request_uri? permanent;
}

# HTTPS: terminate TLS here and proxy to Elasticsearch on localhost
server {
    listen 443;
    server_name {{ your_search_domain }};
    ssl on;
    ssl_certificate     {{ ssl_dir }}/elasticsearch.crt;
    ssl_certificate_key {{ ssl_dir }}/elasticsearch.key;

    access_log {{ nginx_log_file }};
    error_log {{ nginx_error_file }};

    location / {
        rewrite ^/(.*) /$1 break;
        proxy_ignore_client_abort on;
        proxy_pass http://localhost:9200;
        proxy_redirect http://localhost:9200 http://{{ your_search_domain }}/;
        proxy_set_header  X-Real-IP  $remote_addr;
        proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header  Host $http_host;
        # HTTP basic authentication in front of Elasticsearch
        auth_basic "Search Authentication";
        auth_basic_user_file {{ nginx_htcontrol }};
    }
}

I have changed the parts surrounded by {{ }} but failed to run it over https.
It only accepts http like this curl -XGET
Can I use the same Let's Encrypt certificate and key for ssl_certificate and ssl_certificate_key respectively?
Should proxy_pass be like proxy_pass ?

My setup
I have only one master-eligible data node in my cluster.

I set number_of_shards to 1, and number_of_replicas to 0.

The following is the setup in my elasticsearch.yaml.

http.cors.enabled: true
http.cors.allow-origin: /https?:\/\/localhost(:[0-9]+)?/ MyAppName ${HOSTNAME}
bootstrap.memory_lock: true
discovery.zen.minimum_master_nodes: 1
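An added example, not part of the original post or of the post it refers to: a TLS-terminating server block of the kind the question describes, with nginx holding the Let's Encrypt certificate and proxying to Elasticsearch over plain HTTP on the loopback interface. The domain `search.example.com`, the certbot-style certificate paths, the log paths and the htpasswd path are assumptions.

```nginx
# Added example. search.example.com and every file path are placeholders.

# Plain HTTP: send everything to HTTPS.
server {
    listen      80;
    server_name search.example.com;
    return      301 https://$host$request_uri;
}

# HTTPS: nginx terminates TLS; Elasticsearch itself keeps speaking HTTP.
server {
    listen      443 ssl;   # "ssl" on the listen line enables TLS on this socket
    server_name search.example.com;

    # certbot's default layout (assumed). The certificate must list
    # search.example.com among its names, otherwise clients reject it.
    ssl_certificate     /etc/letsencrypt/live/search.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/search.example.com/privkey.pem;

    access_log /var/log/nginx/search.access.log;
    error_log  /var/log/nginx/search.error.log;

    location / {
        # Basic auth is checked here, before the request reaches Elasticsearch.
        auth_basic           "Search Authentication";
        auth_basic_user_file /etc/nginx/search.htpasswd;

        # The upstream stays http:// because this hop never leaves the host.
        proxy_pass       http://127.0.0.1:9200;
        # Rewrite any upstream Location header to the public HTTPS name.
        proxy_redirect   http://127.0.0.1:9200/ https://$host/;
        proxy_set_header Host              $http_host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Run `nginx -t` before reloading to catch syntax errors. The basic-auth check only protects Elasticsearch if port 9200 is reachable solely through nginx, so keep Elasticsearch's `network.host` bound to the loopback address.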