I run Elasticsearch 5.0 on my production server.
I use Nginx as a reverse proxy server.
My website is secured with Let's Encrypt so I need Elasticsearch to run over https
like this
curl -XGET https://172.31.18.5..........
otherwise my site fails to receive data from Elasticsearch.
I've read this post for setting up basic authentication for Elasticsearch with Nginx.
The post suggests configuration as the below.
server {
listen 80;
server_name {{ your_search_domain }};
rewrite ^ https://$server_name$request_uri? permanent;
}
server {
listen 443;
server_name {{ your_search_domain }};
ssl on;
ssl_certificate {{ ssl_dir }}/elasticsearch.crt;
ssl_certificate_key {{ ssl_dir }}/elasticsearch.key;
access_log {{ nginx_log_file }};
error_log {{ nginx_error_file }};
location / {
rewrite ^/(.*) /$1 break;
proxy_ignore_client_abort on;
proxy_pass http://localhost:9200;
proxy_redirect http://localhost:9200 http://{{ your_search_domain }}/;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
auth_basic "Search Authentication";
auth_basic_user_file {{ nginx_htcontrol }};
}
}
I have changed the parts surrounded by {{ }} but failed to run it over https
.
It only accepts http
like this curl -XGET http://172.31.18.5...........
Can I use the same Let's Encrypt certificate and key for ssl_certificate
and ssl_certificate_key
respectively?
Should proxy_pass
be like proxy_pass http://172.31.18.5:9200
?
My setups
I have only one master-eligible data node in my cluster.
I set number_of_shards
to 1, and number_of_replicas
to 0.
The followings are the setups for my elasticsearch.yaml
.
http.cors.enabled: true
http.cors.allow-origin: /https?:\/\/localhost(:[0-9]+)?/
cluster.name: MyAppName
node.name: ${HOSTNAME}
bootstrap.memory_lock: true
network.host: 172.31.18.5
discovery.zen.minimum_master_nodes: 1