我知道如何仅允许GET请求(更多在这里为http://brudtkuhl.com/securing-elasticsearch/),但在我的情况下,最好将nginx反向代理配置为仅允许_search端点。而且我无法找到一种办法。 任何人都可以帮助我吗?用于ElasticSearch的Nginx反向代理仅允许_search端点
只是要清楚我要使用angularjs来查询elasticsearch。我想尽可能快地完成。我不能让它绝对开放,但缩小对_search enpoint的查询将是完美的。似乎Nginx能够做到这一点,但我不知道如何。
必须有一些“如果”内部配置或正则表达式我想声明...
由于概念证明我结束了这一点。如果不先检查后果,请不要使用它。
events {
worker_connections 1024;
}
http {
upstream elasticsearch {
server 127.0.0.1:9200;
keepalive 15;
}
server {
listen: 8080;
# ES backend for search autocomplete
# 1. Allow only GET requests.
# 2. Capture the search_term which cannot contain the " character.
# 3. Rewrite the request to the desired index's _search elasticsearch endpoint.
# 4. Build the request body by concatenating the appropriate json with the search_term.
# 5. proxy_pass the translated request to elasticsearch.
location ~* ^/search/autocomplete/(?<search_term>[^"]+)$ {
if ($request_method != GET) {
return 403;
}
proxy_http_version 1.1;
proxy_set_header Connection "Keep-Alive";
proxy_set_header Proxy-Connection "Keep-Alive";
set $search_prefix '{"query":{"match":{"user.name":"';
set $search_suffix '"}},"highlight":{"pre_tags":["<strong>"],"post_tags":["</strong>"],"fields":{"user.name":{}}}}';
set $search $search_prefix$search_term$search_suffix;
proxy_set_body $search;
proxy_redirect off;
proxy_buffering off;
rewrite ^.*$ /my_index/blogpost/_search break;
proxy_pass http://elasticsearch;
}
# All other requests go to the web application server.
location/{
proxy_pass http://server;
}
}
}