Setting up Enterprise Search with cloudflare SSL

Elastic Search
1

Hello everyone,

I am trying to setup enterprise search on a Ubuntu 18.04 with Apache2 the domain is proxied using cloudflare and so is the SSL certification.

I am using a PEM certificate.

I have tried to tell entreprise search to use that certificate using these configurations

    ent_search.ssl.enabled: true

    ent_search.ssl.key: /etc/cloudflare/moncefjouets.com.key

    ent_search.ssl.certificate: /etc/cloudflare/moncefjouets.com.pem

but the whole Enterprise Search link becomes inaccessible.

If anyone has encountered this problem I would be grateful if you would land me hand

2

Hello Nader -

Can you describe a bit more of how it is crashing, and provide any output or relevant log items? That would certainly help to flush your issue out a bit more. Also, if you cannot much in the way of relevant log items, try setting log_level: debug in the yml config as this might provide more context.

1 Like
3

Hello Mark,

Thanks for your prompt response well the error is not with enterprise search itself let me show you the output I get for doing a curl:

curl localhost:9201
Warning: Binary output can mess up your terminal. Use "--output -" to tell 
Warning: curl to output it to your terminal anyway, or consider "--output 
Warning: <FILE>" to save to a file.

When I save the output in a file it shows the following

curl localhost:9201 --output /tmp/esout.txt
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    14    0    14    0     0   1555      0 --:--:-- --:--:-- --:--:--  1750

and this is the content of the file ^U^C^C^@^B^BP

And over https

$ curl https://localhost:9201

curl: (60) SSL certificate problem: unable to get local issuer certificate

More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not

establish a secure connection to it. To learn more about this situation and

how to fix it, please visit the web page mentioned above.

Now here is my apache config :

cat /etc/apache2/sites-available/es.moncefjouets.com.conf 


<VirtualHost *:80>
        ServerName es.moncefjouets.com
        

        ProxyPreserveHost On
        ProxyPass / http://localhost:9201/
        ProxyPassReverse / http://localhost:9201/
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        RewriteEngine on
        RewriteCond %{HTTPS} !=on
        RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
</VirtualHost>

<IfModule mod_ssl.c>
    <VirtualHost *:443>
            ServerName es.moncefjouets.com

            ServerAdmin webmaster@localhost
            ProxyPreserveHost On
            ProxyPass / http://localhost:9201/
            ProxyPassReverse / http://localhost:9201/

            ErrorLog ${APACHE_LOG_DIR}/error.log
            CustomLog ${APACHE_LOG_DIR}/access.log combined

            SSLCertificateFile /etc/cloudflare/moncefjouets.com.pem
            SSLCertificateKeyFile /etc/cloudflare/moncefjouets.com.key
    </VirtualHost>
</IfModule>

Needless to say, of course, that I have changed the default port of enterprise search to 9201.

And for more context when I set the ent_search.ssl.enabled: false the link will work but I cannot login hence the website is sending the api calls on http rather than https.

Thanks again for your help Mark

Edit:

What I have left for now is the enterprise search project deployed on this domain es.moncefjouets.com for you to see the behavior that is occurring you can check it out by typing any username / password. For this I have set ent_search.ssl.enabled to false and just left the apache deal with all the encrypting. Now if I login over http and then switch over to https the app keeps on working normally. Thanks