ElasticSearch is a scalable full text search engine. I have used it for searching 13 terabytes of files: 1.9 million files full text indexed, metadata for others.
You can limit access to ElasticSearch with a login and password. You don’t need to buy Shield or other closed source software.
A firewall prevents outsiders from accessing your ElasticSearch. HTTP authentication (username and password) protects your server from other programs running on localhost.
Caveats: I have not security audited any of the products mentioned. This article was written from memory.
Prerequisites: command line interface, sudo, services
Environment: Ubuntu 14.04 LTS. Likely to work on other Ubuntus and Debian.
Enable Firewall
By design, ElasticSearch has no built-in security. Everyone with access to 9200/tcp has the equivalent of database root on ElasticSearch. So install a firewall:
$ sudo ufw enable
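To confirm that the firewall step actually covers the ElasticSearch port, here is an added check script (not from the original post) that reads the output of `ss -ltn` and `sudo ufw status` and reports whether 9200/tcp is reachable from the network. The sample outputs inside it are constructed for offline use; the function names, the assumption that ufw's default incoming policy is deny (which is what a bare `ufw enable` gives you), and the parsing of the `ss` local-address column are mine.

```shell
#!/bin/sh
# Added example, not part of the original post. Decides from "ss -ltn" and
# "ufw status" text whether a port is exposed beyond loopback.

# Return 0 if some listener on port $2 is bound to a non-loopback address.
# $1 = output of "ss -ltn"; the local address is the 4th column, e.g.
# 127.0.0.1:9200, *:9200 or [::]:9200.
listens_on_non_loopback() {
    printf '%s\n' "$1" | awk -v port="$2" '
        NR > 1 {
            addr = $4
            n = split(addr, parts, ":")
            p = parts[n]
            if (p != port) next
            host = substr(addr, 1, length(addr) - length(p) - 1)
            if (host != "127.0.0.1" && host != "[::1]" && host != "::1") found = 1
        }
        END { exit found ? 0 : 1 }'
}

# Return 0 if ufw is active and has no rule that ALLOWs port $2 in.
# $1 = output of "sudo ufw status". Assumes the default incoming policy is deny.
ufw_blocks_port() {
    printf '%s\n' "$1" | grep -q '^Status: active' || return 1
    ! printf '%s\n' "$1" | grep -Eq "^$2(/tcp)?[[:space:]]+ALLOW"
}

# Combine both answers into one verdict. Returns 1 when the port is exposed.
# $1 = ss output, $2 = ufw output, $3 = port (default 9200)
exposure_report() {
    port="${3:-9200}"
    if ! listens_on_non_loopback "$1" "$port"; then
        echo "OK: $port/tcp listens only on loopback"
        return 0
    fi
    if ufw_blocks_port "$2" "$port"; then
        echo "OK: $port/tcp is bound to a public address but ufw denies incoming"
        return 0
    fi
    echo "EXPOSED: $port/tcp is reachable from the network and no firewall denies it"
    return 1
}

# Constructed sample outputs (not captured from a real host) for offline runs.
SAMPLE_SS='State      Recv-Q Send-Q Local Address:Port               Peer Address:Port
LISTEN     0      50                  *:9200                            *:*
LISTEN     0      128         127.0.0.1:9300                            *:*'
SAMPLE_UFW_ACTIVE='Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere'
SAMPLE_UFW_INACTIVE='Status: inactive'

# On a real host, feed the live commands instead:
#   exposure_report "$(ss -ltn)" "$(sudo ufw status)" 9200
```

Run it against the constructed data with `exposure_report "$SAMPLE_SS" "$SAMPLE_UFW_INACTIVE"` to see the EXPOSED verdict, and with `SAMPLE_UFW_ACTIVE` to see the firewall closing the gap.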
Install and Start ElasticSearch
You need a version supported by elasticsearch-readonlyrest-plugin.
Install the deb
$ wget https://download.elastic.co/elasticsearch/release/org/elasticsearch/distribution/deb/elasticsearch/2.3.3/elasticsearch-2.3.3.deb
$ gdebi -n elasticsearch-2.3.3.deb
Start the service
$ sudo service elasticsearch start
Wait for 5-10 seconds. The service will not respond immediately after the ‘service’ command has completed.
$ curl localhost:9200
{
  [..]
  "tagline" : "You Know, for Search"
}
By default, anyone can read the list of indices (databases) without a password:
$ curl 'localhost:9200/_cat/indices?v'
health status index pri rep docs.count docs.deleted store.size pri.store.size
Soon, you’ll learn to protect your database with password.
Install readonlyrest plugin
To see where the upstream deb installed its commands, run ‘dpkg --listfiles elasticsearch | grep bin’.
Install the plugin
$ sudo /usr/share/elasticsearch/bin/plugin install https://github.com/sscarduzio/elasticsearch-readonlyrest-plugin/blob/master/download/elasticsearch-readonlyrest-v1.9.2_es-v2.3.3.zip?raw=true
For future reference, it’s a good idea to download a copy of the plugin. You can install it from file with ‘sudo /usr/share/elasticsearch/bin/plugin install file://$(pwd)/elasticsearch-readonlyrest-v1.9.3_es-v2.3.3.zip’.
Configure HTTP Authentication
$ sudoedit /etc/elasticsearch/elasticsearch.yml
Add the readonlyrest configuration. Because .yml files are YAML, indentation is two spaces. Of course we would like it to be tabs, but for YAML, it’s two spaces.
readonlyrest:
  enable: true
  response_if_req_forbidden: Sorry, your request is forbidden.
  access_control_rules:
  - name: Full access with HTTP auth
    auth_key: tero:karvinencom
    type: allow
Restart ElasticSearch daemon to apply changes
$ sudo service elasticsearch restart
Test Logging in to ElasticSearch
Test it by trying to list indices (databases). Use the same command that worked earlier:
$ curl 'localhost:9200/_cat/indices?v'
Sorry, your request is forbidden.
It should fail with the message you just defined in elasticsearch.yml: “Sorry…”. If you get “connection refused”, wait 10 seconds for the service to come up and try again.
Try it with wrong password
$ curl --user wrong:password 'localhost:9200/_cat/indices?v'
Sorry, your request is forbidden.
Try it with the right password
$ curl --user tero:karvinencom 'localhost:9200/_cat/indices?v'
health status index pri rep docs.count docs.deleted store.size pri.store.size
Can you see a list of your indices (databases: health, status…)?
Well done, you now have authentication on your ElasticSearch!
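The three curl checks above (no credentials, wrong credentials, right credentials) can be scripted so you can rerun them after every restart. The script below is an added example, not from the original post; it assumes ElasticSearch answers on localhost:9200 (ES_URL) with the credentials from elasticsearch.yml (ES_USER / ES_PASS, defaulting to the article's placeholder tero:karvinencom), and it assumes readonlyrest answers a rejected request with HTTP 401 or 403, since the article shows only the “Sorry, your request is forbidden.” body and not the status code. The `judge` helper is kept free of network calls so it can be exercised offline.

```shell
#!/bin/sh
# Added example, not from the original post. Verifies readonlyrest HTTP auth.
ES_URL="${ES_URL:-http://localhost:9200}"
ES_USER="${ES_USER:-tero}"
ES_PASS="${ES_PASS:-karvinencom}"

# What "curl --user user:pass" puts on the wire: an Authorization header whose
# value is only base64(user:pass). Base64 is an encoding, not encryption, which
# is why an HTTP-only ElasticSearch must stay behind the firewall.
basic_auth_header() {
    printf 'Authorization: Basic %s' "$(printf '%s:%s' "$1" "$2" | base64)"
}

# Print only the HTTP status code of a GET. curl reports 000 when the TCP
# connection fails, e.g. while the service is still starting up.
# $1 = URL, $2 = optional user:pass
http_code() {
    if [ -n "${2:-}" ]; then
        curl -s -o /dev/null -w '%{http_code}' --user "$2" "$1"
    else
        curl -s -o /dev/null -w '%{http_code}' "$1"
    fi
}

# Pure decision helper, separated from curl so it can be tested offline.
# $1 = check name (anonymous | wrongpass | rightpass), $2 = observed status code.
# Assumption: readonlyrest rejects with 401 or 403.
judge() {
    case "$1:$2" in
        *:000)
            echo "FAIL $1: connection refused; wait ~10 s for the service and retry"; return 1 ;;
        rightpass:2*)
            echo "PASS $1: HTTP $2, valid credentials accepted"; return 0 ;;
        anonymous:401|anonymous:403|wrongpass:401|wrongpass:403)
            echo "PASS $1: HTTP $2, forbidden as expected"; return 0 ;;
        anonymous:2*|wrongpass:2*)
            echo "FAIL $1: HTTP $2, index list readable without valid credentials"; return 1 ;;
        *)
            echo "FAIL $1: unexpected HTTP $2"; return 1 ;;
    esac
}

# Run the three checks from the article against the live server.
verify_auth() {
    rc=0
    judge anonymous "$(http_code "$ES_URL/_cat/indices?v")" || rc=1
    judge wrongpass "$(http_code "$ES_URL/_cat/indices?v" wrong:password)" || rc=1
    judge rightpass "$(http_code "$ES_URL/_cat/indices?v" "$ES_USER:$ES_PASS")" || rc=1
    return $rc
}

# Only touch the network when invoked as "sh verify_auth.sh run".
if [ "${1:-}" = run ]; then
    verify_auth
fi
```

Save it as verify_auth.sh and run `sh verify_auth.sh run`; a non-zero exit means one of the three expectations from the article did not hold. `basic_auth_header tero karvinencom` prints the exact header curl sends, which makes the point that the auth_key line is transmitted in the clear on plain HTTP.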
Briefly in Finnish / Abstract in Finnish
Protect your ElasticSearch database with a password. You don't need Shield or other paid add-ons.
A firewall blocks direct access to ElasticSearch from the network. The password stops local programs from reaching your databases directly.
Administrivia
Tested using Ubuntu 14.04 LTS amd64, ElasticSearch 2.3.3 upstream deb.
Updated: improved copy.