I'd like to expose Kibana + Elasticsearch publicly, since it's an easy
exploration tool for the data I'm storing in es. From browsing
the web and the mailing list, it looks like such a setup--while
discouraged--can still be done by using a reverse proxy in front of the
HTTP server of es. For example, however http://demo.kibana.org is
secured.
The steps I'm planning to take are:
Use nginx proxy_pass for public HTTP
Disable PUT/DELETE methods
Disable POST on all but the _search endpoint for my index.
Disable dynamic script execution in queries.
Is there anything else I need to do to ensure users can't
add/change/delete
the data or gain access to the machine through es?
(As an aside, does anybody have experience running elasticsearch on
VPSses
with 256-512MB of ram? Any tips to reduce memory usage?)
On Thursday, March 6, 2014 1:50:23 AM UTC-5, qu...@hakase.org wrote:
Hi,
I'd like to expose Kibana + Elasticsearch publicly, since it's an easy
exploration tool for the data I'm storing in es. From browsing
the web and the mailing list, it looks like such a setup--while
discouraged--can still be done by using a reverse proxy in front of the
HTTP server of es. For example, however http://demo.kibana.org is
secured.
The steps I'm planning to take are:
Use nginx proxy_pass for public HTTP
Disable PUT/DELETE methods
Disable POST on all but the _search endpoint for my index.
Disable dynamic script execution in queries.
Is there anything else I need to do to ensure users can't
add/change/delete
the data or gain access to the machine through es?
(As an aside, does anybody have experience running elasticsearch on
VPSses
with 256-512MB of ram? Any tips to reduce memory usage?)
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.
