Is it possible to output to an elasticsearch instance via reverse proxy uri?


(Matt Vasquez) #1

I am using Apache to reverse proxy to Elasticsearch via a uri location (https://reverse_proxy/elastic). I am using a reverse proxy for external users due to firewall constraints which block 9200 but allow 443..

Here is my Logstash output configuration

output {

    stdout { codec => json_lines }

    elasticsearch {

    hosts => "https://reverse_proxy:443/elastic"

    ssl => true

    cacert => "..\.\certs\rootca.pem"

    user =? "elastic"

    password => "${es_pass}"

    index =>; "dashboard_test"

    }

    }

This is the warning I get when running logstash:

[2019-01-14T11:37:23,419][WARN ][logstash.outputs.elasticsearch] Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"https://elastic:xxxxxx@reverse_proxy:443/elastic", :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :error=>"Elasticsearch Unreachable: [https://elastic:xxxxxx@reverse_proxy:443/elastic][Manticore::SocketException] Software caused connection abort: recv failed"}