Securing ElasticSearch -- Jetty plugin, or proxy with nginx?

Since you are using Heroku, I'd go with SSL and basic authentication set up
in nginx together with proxying. That way only authenticated requests get
into your ES cluster. You could enhance security further by setting up a
firewall on the ES side that blocks anything coming from outside a
whitelisted set of IPs. Finally, instead of basic authentication, you could
also use client-side certificates. That way, only clients with the correct
certificates can get in. It goes without saying that if you use SSL, you
should be pooling your connections. Otherwise, you end up paying a huge
per-request overhead in the form of SSL handshakes.

Whether you let Jetty or nginx do the SSL is really a matter of taste. Both
are pretty capable solutions. Nginx is quite simple to set up, though, and
has the advantage that you can run any off-the-shelf Elasticsearch
distribution without bothering with plugins.

Jilles

On Thursday, September 5, 2013 11:30:55 AM UTC+2, doug livesey wrote:

Hi -- I need to provide access to some Elasticsearch indices both in EC2
(where it is hosted) and Heroku. I've been reading a bit around this, and
the two solutions suggested seem to be using the jetty plugin, or using a
proxy.
Of the two, I'd probably be most comfortable setting up a proxy using
nginx, and having that use SSL, as I'm not really au fait with Java and its
ecosystem.
That said, the main issue has to be performance, so I guess my question
should be if there's a difference between the two approaches, and which
people would recommend?
Cheers,
Doug.
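
A sketch of the nginx setup recommended in the reply above (TLS termination, basic authentication or client certificates, a source allowlist, and connection reuse), as an added example that is not from either poster. The hostname, file paths, address range and the `es_backend` upstream name are placeholders, and it assumes Elasticsearch listens only on loopback on the same host as nginx.

```nginx
# Added example: constructed configuration, not from the thread.
# Place inside the http {} context. All names, paths and addresses are placeholders.

upstream es_backend {
    server 127.0.0.1:9200;   # assumption: ES is bound to loopback, unreachable from outside
    keepalive 16;            # idle connections nginx keeps open to ES
}

server {
    listen 443 ssl;
    server_name es.example.com;

    ssl_certificate     /etc/nginx/tls/es.example.com.crt;
    ssl_certificate_key /etc/nginx/tls/es.example.com.key;

    # Let pooled clients reuse connections and resume TLS sessions, so the
    # handshake cost is not paid on every request.
    keepalive_timeout   65s;
    ssl_session_cache   shared:SSL:10m;
    ssl_session_timeout 10m;

    # Option A: basic authentication (htpasswd-format file).
    auth_basic           "Elasticsearch";
    auth_basic_user_file /etc/nginx/es.htpasswd;

    # Option B (instead of A): require a client certificate issued by your own CA.
    # ssl_client_certificate /etc/nginx/tls/clients-ca.crt;
    # ssl_verify_client      on;

    # Source allowlist enforced at the proxy (constructed documentation range).
    # With the default "satisfy all", a request must pass both this and the auth check.
    allow 203.0.113.0/24;
    deny  all;

    location / {
        proxy_pass         http://es_backend;
        proxy_http_version 1.1;
        proxy_set_header   Connection "";   # required for upstream keepalive
        proxy_set_header   Host $host;
    }
}
```

Running `nginx -t` checks the syntax before a reload.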
