Securing Kibana + Elasticsearch for public use


(queue) #1

Hi,

I'd like to expose Kibana + Elasticsearch publicly, since it's an easy
exploration tool for the data I'm storing in es. From browsing
the web and the mailing list, it looks like such a setup--while
discouraged--can still be done by using a reverse proxy in front of the
HTTP server of es. For example, however http://demo.kibana.org is
secured.

The steps I'm planning to take are:

  • Use nginx proxy_pass for public HTTP
  • Disable PUT/DELETE methods
  • Disable POST on all but the _search endpoint for my index.
  • Disable dynamic script execution in queries.

Is there anything else I need to do to ensure users can't
add/change/delete
the data or gain access to the machine through es?

(As an aside, does anybody have experience running elasticsearch on
VPSses
with 256-512MB of ram? Any tips to reduce memory usage?)

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/121f467ed631f7d1d2e10ca149172a7f%40hakase.org.
For more options, visit https://groups.google.com/groups/opt_out.


(Otis Gospodnetić) #2

Hi,

Re ES and VPSs with up to 512 MB RAM. Sure, doable, but very very small
nodes/indexes. :slight_smile:

Otis

Performance Monitoring * Log Analytics * Search Analytics
Solr & Elasticsearch Support * http://sematext.com/

On Thursday, March 6, 2014 1:50:23 AM UTC-5, qu...@hakase.org wrote:

Hi,

I'd like to expose Kibana + Elasticsearch publicly, since it's an easy
exploration tool for the data I'm storing in es. From browsing
the web and the mailing list, it looks like such a setup--while
discouraged--can still be done by using a reverse proxy in front of the
HTTP server of es. For example, however http://demo.kibana.org is
secured.

The steps I'm planning to take are:

  • Use nginx proxy_pass for public HTTP
  • Disable PUT/DELETE methods
  • Disable POST on all but the _search endpoint for my index.
  • Disable dynamic script execution in queries.

Is there anything else I need to do to ensure users can't
add/change/delete
the data or gain access to the machine through es?

(As an aside, does anybody have experience running elasticsearch on
VPSses
with 256-512MB of ram? Any tips to reduce memory usage?)

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/fbbad28f-7830-4737-9f02-fee022f11d96%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


(system) #3