Head is an HTML5 application, which means head code doesn't run inside
elasticsearch. Instead you load it into your browser, and then your browser
is executing all necessary queries against elasticsearch. In other words,
to use head you need to provide access from your browser to all requests
that head is using. Head itself doesn't have to be protected since just
accessing head doesn't give you anything that is not already available on
github.
If you feel comfortable with configuring jetty, you might want to take a
look at the jetty plugin for elasticsearch
(GitHub - sonian/elasticsearch-jetty). It will allow you to set up
authentication on the elasticsearch nodes without an intermediate layer.
On Thursday, March 22, 2012 4:29:47 PM UTC-4, Dragan wrote:
Hi,
I am working on restricting access to my elasticsearch cluster and I'd
love some feedback on it.
All outside requests should go through an authenticated server that
passes them (unauthenticated) to elasticsearch. The ES machines only
accept requests from this server and from each other, all other
requests are denied.
I am trying to figure out what I'm going to do with the head plugin. I
can expose an api function that passes the status request to
elasticsearch, but it would be nice to be able to check up on the
index through /_plugin/head/
My questions are the following:
- I can open port X (X would be a different port from the one on
  which ES is running) and only allow authenticated access on it. I am
  assuming I can host head on port X, since all I need is to access
  /plugins/head/_site/index.html
  Is that correct?
- Is this a good way to protect my cluster?
Thank you
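The setup discussed in this thread, as an added example that is not part of the original posts or of any project mentioned in them: a small authenticating gateway on "port X" that checks HTTP Basic credentials and relays every request the browser running head sends, including the plugin's static files, to Elasticsearch without credentials. The upstream address, port 8080, the `USERS` table and all function names are assumptions made for illustration, and TLS is assumed to be terminated in front of the gateway.

```python
import base64
import hmac
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

ES_UPSTREAM = "http://127.0.0.1:9200"    # assumption: ES accepts only this host
USERS = {"ops": "constructed-password"}  # constructed; keep real ones in a secret store


def is_authorized(header):
    """True only for a well-formed Basic header that matches a known user."""
    try:
        scheme, _, blob = (header or "").partition(" ")
        user, _, password = base64.b64decode(blob, validate=True).decode().partition(":")
    except ValueError:  # malformed base64 or UTF-8
        return False
    expected = USERS.get(user)
    return (scheme == "Basic" and expected is not None
            and hmac.compare_digest(password.encode(), expected.encode()))


class Gateway(BaseHTTPRequestHandler):
    def forward(self):
        if not is_authorized(self.headers.get("Authorization")):
            self.send_response(401)
            self.send_header("WWW-Authenticate", 'Basic realm="elasticsearch"')
            return self.end_headers()
        if not self.path.startswith("/"):  # refuse absolute-URI and userinfo tricks
            return self.send_error(400)
        body = self.rfile.read(int(self.headers.get("Content-Length") or 0)) or None
        # Authorization is not copied: ES receives the request unauthenticated
        req = urllib.request.Request(ES_UPSTREAM + self.path, data=body, method=self.command)
        try:
            with urllib.request.urlopen(req, timeout=30) as resp:
                status, ctype, payload = resp.status, resp.headers.get("Content-Type"), resp.read()
        except urllib.error.HTTPError as err:  # relay ES error responses as-is
            status, ctype, payload = err.code, err.headers.get("Content-Type"), err.read()
        except urllib.error.URLError:
            return self.send_error(502)
        self.send_response(status)
        self.send_header("Content-Type", ctype or "application/octet-stream")
        self.send_header("Content-Length", str(len(payload)))
        self.end_headers()
        self.wfile.write(payload)

    do_GET = do_POST = do_PUT = do_DELETE = forward

if __name__ == "__main__":
    ThreadingHTTPServer(("0.0.0.0", 8080), Gateway).serve_forever()  # 8080 stands in for port X
```

Because head is loaded from the same origin as the API calls it makes, the browser reuses the Basic credentials for every request, so no part of the cluster has to be reachable without authentication.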