Use Nginx as a proxy server to prevent create / update / delete operations on ElasticSearch using the client side of JavaScript

Question

Use Nginx as a proxy server to prevent create / update / delete operations on ElasticSearch using the client side of JavaScript

I have a local ElasticSearch server promulgated by Nginx that prevents POST, PUT, and DELETE requests. Is my Nginx configuration enough to prevent operations that go beyond the collection of information? Do you offer improvements?

upstream elasticsearch { server localhost:9200; } server { listen 7777; location / { return 403; limit_except PUT POST DELETE { proxy_pass http://elasticsearch; } proxy_redirect off; } }

Thanks.

[UPDATE]

My configuration after deagh advice:

  upstream elasticsearch { server localhost:9200; } server { listen 7777; location / { return 403; limit_except PUT POST DELETE { proxy_pass http://elasticsearch; } proxy_redirect off; } location ~* ^(/_cluster|/_nodes|/_shutdown) { return 403; break; } }

+6

proxy nginx elasticsearch

Flavio li volsi Feb 07 '15 at 23:41

source share

1 answer

deagh · Answer 1 · 2015-02-08T10:14:20+0000

You should also monitor connections to different elasticsearh locations, e.g.

_cluster
_nodes
_shutdown

For more information on the working (and secure) setup of nginx and elasticsearch, see the documentation => http://www.elasticsearch.org/blog/playing-http-tricks-nginx/

Use Nginx as a proxy server to prevent create / update / delete operations on ElasticSearch using the client side of JavaScript

More articles: