ElasticSearch通过Nginx http basic 限制访问

原文: Elasticsearch安全篇，通过Nginx http basic 限制访问

1. tengine配置:

        #关键点，配置帐号密码
        auth_basic "ElasticSearch登录";#提示信息
        auth_basic_user_file /var/local/password; #密码文件（docker中tengine挂载密码文件）
        autoindex on;

        proxy_pass  http://es服务内网ip:9200;

2. docker-compose配置

    volumes:
      # elasticsearch通过nginx http-basic 限制公网访问
      - /data/tengine/conf/password:/var/local/password

注意: 需要手动进入 docker tengine 容器创建/var/local/password文件并将密码数据复制进去

3. elasticsearch.yml

cluster.name: "docker-es"
# es在docker里面, 不能用127.0.0.1
network.host: 0.0.0.0
# 跨域
http.cors.enabled: true
http.cors.allow-origin: "*"
http.cors.allow-methods: OPTIONS, HEAD, GET, POST, PUT, DELETE
http.cors.allow-headers: "X-Requested-With, Content-Type, Content-Length, X-User"

4. 重启elasticsearch & tengine

docker restart elasticsearch
docker-compose up -d tengine

5. 然后外网通过域名访问es服务时会弹出登录窗口, 填写登录成功即可(如果登录失败, 需要关闭浏览器重新打开才会弹出登录窗口)