版权声明:本文为博主原创文章,未经博主允许不得转载。 https://blog.csdn.net/qq_36666651/article/details/83543358
在有些工具中,并没有提供elasticsearch的用户名密码接口,而如果elasticsearch开启了x-pack验证,用户名密码又是必须参数。如果去修改工具实现,代价又太大,所以我们可以选择使用nginx反向代理,使用nginx为请求增加验证,达到无密码访问兼容老工具的目的。
首先,elasticsearch中配置允许通过请求头来验证:
http.cors.allow-headers: Authorization
然后我们先使用curl 加上-u -v参数来访问elasticsearch,观察请求体:
curl --user elastic:123456 -v "http://127.0.0.1:11111"
* About to connect() to 127.0.0.1 port 11111 (#0)
* Trying 127.0.0.1...
* Connected to 127.0.0.1 (127.0.0.1) port 11111 (#0)
* Server auth using Basic with user 'elastic'
> GET / HTTP/1.1
> Authorization: Basic ZWxhc3RpYzoxMjM0NTY=
> User-Agent: curl/7.29.0
> Host: 127.0.0.1:11111
> Accept: */*
>
< HTTP/1.1 200 OK
< Server: nginx/1.12.2
< Date: Tue, 30 Oct 2018 07:42:06 GMT
< Content-Type: application/json; charset=UTF-8
< Content-Length: 491
< Connection: keep-alive
<
{
"name" : "es-wk-node-1",
"cluster_name" : "es-wk1",
"cluster_uuid" : "Dc1CiavHRzSCtt4yzImVrA",
"version" : {
"number" : "6.4.2",
"build_flavor" : "default",
"build_type" : "tar",
"build_hash" : "04711c2",
"build_date" : "2018-09-26T13:34:09.098244Z",
"build_snapshot" : false,
"lucene_version" : "7.4.0",
"minimum_wire_compatibility_version" : "5.6.0",
"minimum_index_compatibility_version" : "5.0.0"
},
"tagline" : "You Know, for Search"
}
通过与不加-u(–user)参数的对比,可以发现差别就是请求头多了一个Authorization参数,而其值是固定的,所以我们在nginx中配置为请求添加此请求头即可。
server {
listen 11111;
server_name localhost;
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
# proxy_set_header user elastic:123456;
proxy_set_header Authorization 'Basic ZWxhc3RpYzoxMjM0NTY=';
proxy_pass http://127.0.0.1:19200;
}
}
这时候去掉-u参数再使用curl访问elasticsearch发现就成功了。