Elasticsearch behind NGINX on AWS

28 Sep 2014

Hosting on Heroku or any other multi-tenant PaaS means you’re sharing IP security with other people. Now your web services require at least basic auth when interacting with services like MySQL and Elasticsearch. We will run Elasticsearch behind nginx, which will enforce a username/pw for basic auth.

To skip the details and get up and going locally, check out this GitHub repo with a Vagrantfile that uses Docker images to run Elasticsearch behind nginx.

If you want a big boy’s deployment for production, check out AWS’s OpsWorks Layer for Elasticsearch

On to the fun:

High-level Overview

Nginx will be the only public facing ip, and serve as the gateway to all Elasticsearch nodes.
Nginx will enforce basic auth before proxying all HTTP requests to the ES nodes in a round robin fashion.
- This will be done using an .htpasswd file.

After you’ve spun up Elasticsearch, go through the following steps:

Example Nginx Proxy File

# Based on https://github.com/elasticsearch/kibana/blob/master/sample/nginx.conf

server {
  listen                80 default_server;

  location / {
    proxy_pass http://elasticsearch:9200; # elastic search node
    proxy_set_header Host      $host;
    proxy_set_header X-Real-IP $remote_addr;

    auth_basic "Restricted";
    auth_basic_user_file /etc/nginx/conf.d/elasticsearch.htpasswd;
  }
}

Generate elasticsearch.htpasswd file

htpasswd -c nginx/elasticsearch.htpasswd elasticsearch

Now run nginx with it pointing to ES, and you’re good to go.

Further reading: Wattpad Engineering’s Using Nginx as a proxy for Elasticsearch.

dimroc blog See Experiments

Elasticsearch behind NGINX on AWS

High-level Overview

Example Nginx Proxy File

Generate elasticsearch.htpasswd file

Related Posts

Game to Video: Using Generative AI to Uprender Gameplay 11 Jun 2023

Books Worth Reading 2019 31 Dec 2019

Books Worth Reading 2018 31 Dec 2018