I have an Elasticsearch 8.12 cluster on an internal network. I use self certified certificates and everything is running well; I push data into it all the time using Python, with no errors and no warnings.
I also have an Nginx reverse proxy with a proper SSL certificate, which I use to provide access to Kibana from outside our network; all of this has worked well for years.
I recently needed to ingest data into Elasticsearch from outside our network, so I thought of doing it over the reverse proxy. I added a proxy pass to my Elasticsearch in the reverse proxy configuration file.
I used the same Python 3.10 code that I use internally but merely replaced the URL in the code from e.g. https://10.10.10.20:9200 to https://example.com/myelasticsearch.
If I run the code outside our network on a Windows 11 machine, all works well, no errors and no warnings. If I run the same code on Ubuntu 22.04 with Python 3.10 I get the following error: elastic_transport.TlsError: TLS error caused by: SSLError([SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1007)).
I have scoured the Internet for solutions, tried different suggestions with the proxy settings, and I have checked and checked the code and the certificate. I tried writing to a different server in the cluster (after I changed the proxy pass, of course). The same results: the code runs with no errors on Windows, and gives the same error on Ubuntu.
I have tried the same code on WSL (Ubuntu 22.04) and I still get the same error. I downgraded urllib to 1.24; although Elasticsearch complained, I still got the same error.
I changed the Elasticsearch connection code from:
elasticsearch = Elasticsearch([server_id], basic_auth=(user_name, elastic_pass), verify_certs=True, ca_certs=certificate_fullpath)
to:
context = create_default_context(cafile=certificate_fullpath)
context.check_hostname = False
context.hostname_checks_common_name = False
elasticsearch = Elasticsearch([server_id], ssl_context=context, basic_auth=(user_name, elastic_pass))
Same issue, it works when the code is running on Windows and fails when the code is running on Ubuntu.
I added various things to the Nginx configuration, but to no avail.
If I change verify_certs=True to verify_certs=False in the Elasticsearch connection, then data gets pushed into Elasticsearch when the code is running on Ubuntu but I get a warning that the connection is insecure.
Has anyone come across this and have they been able to solve it?
P.S.: I am pretty sure a year or more ago I did push data into Elasticsearch over an NGINX reverse proxy using Ubuntu without issues.
Thanks.
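
An added example, not part of the original post: it attempts the verified handshake described above once against the OS trust store and once against a private CA file, with hostname checking left on, so the two results show which trust source validates the chain the proxy presents. The function names, port 443 and the CA file path are assumptions.

```python
import socket
import ssl


def make_context(ca_file=None):
    """Strict client context: trust only ca_file if given, else the OS trust store."""
    # create_default_context() loads the system store only when no cafile is passed,
    # and leaves check_hostname=True and verify_mode=CERT_REQUIRED.
    return ssl.create_default_context(cafile=ca_file)


def probe(host, port, ca_file=None, timeout=5.0):
    """Attempt one fully verified handshake and describe the outcome."""
    try:
        ctx = make_context(ca_file)
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                issuer = dict(rdn[0] for rdn in tls.getpeercert()["issuer"])
                name = issuer.get("commonName") or issuer.get("organizationName", "?")
                return "ok: leaf issued by " + name
    except ssl.SSLCertVerificationError as exc:
        return "verify failed: " + exc.verify_message
    except OSError as exc:  # unreachable host, missing CA file, other TLS errors
        return "error: " + type(exc).__name__


def compare_trust_sources(host, port, private_ca_file):
    """Probe the same endpoint once per trust source."""
    return {
        "system store": probe(host, port),
        "private CA file": probe(host, port, private_ca_file),
    }


if __name__ == "__main__":
    # Assumed values: the proxy hostname from the post on port 443 and a
    # placeholder path for the internal CA certificate.
    print("OpenSSL default CA file:", ssl.get_default_verify_paths().cafile)
    for source, result in compare_trust_sources(
            "example.com", 443, "/path/to/internal-ca.pem").items():
        print(f"{source}: {result}")
```

An `ok` from the system store together with `verify failed` from the private CA file means the certificate served by the proxy chains to a CA in the OS store rather than to the internal one.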