我知道如何只允许GET请求(这里更多http://brudtkuhl.com/securing-elasticsearch/),但在我的情况下,最好配置nginx反向代理以仅允许_search端点。我找不到如何做到这一点的方法。 任何人都可以帮助我吗?
为了清楚,我将使用angularjs查询elasticsearch。我想尽快做到。我不能让它绝对开放,但缩小查询到_search enpoint将是完美的。似乎Nginx能够做到这一点,但我不知道如何。
必须是配置或正则表达式中的一些“if”语句我猜...
答案 0 :(得分:0)
作为概念证明,我最终得到了这个。请不要先使用它而不先检查后果。
events {
worker_connections 1024;
}
http {
upstream elasticsearch {
server 127.0.0.1:9200;
keepalive 15;
}
server {
listen: 8080;
# ES backend for search autocomplete
# 1. Allow only GET requests.
# 2. Capture the search_term which cannot contain the " character.
# 3. Rewrite the request to the desired index's _search elasticsearch endpoint.
# 4. Build the request body by concatenating the appropriate json with the search_term.
# 5. proxy_pass the translated request to elasticsearch.
location ~* ^/search/autocomplete/(?<search_term>[^"]+)$ {
if ($request_method != GET) {
return 403;
}
proxy_http_version 1.1;
proxy_set_header Connection "Keep-Alive";
proxy_set_header Proxy-Connection "Keep-Alive";
set $search_prefix '{"query":{"match":{"user.name":"';
set $search_suffix '"}},"highlight":{"pre_tags":["<strong>"],"post_tags":["</strong>"],"fields":{"user.name":{}}}}';
set $search $search_prefix$search_term$search_suffix;
proxy_set_body $search;
proxy_redirect off;
proxy_buffering off;
rewrite ^.*$ /my_index/blogpost/_search break;
proxy_pass http://elasticsearch;
}
# All other requests go to the web application server.
location / {
proxy_pass http://server;
}
}
}