MarsHut Page 1/4

hastywittedmarriedInternet και Εφαρμογές Web

8 Δεκ 2013 (πριν από 3 χρόνια και 8 μήνες)

113 εμφανίσεις

Protecting my data
Asked by
DanielR
on 2013-11-28T15:37:12-05:00
Here's a question I couldn't find an answer to by searching the web..
How do I protect my data from being attacked by hostile sources?

I mean.. does anyone who has my server's ip can just send a DELETE request
and kill my index?

I found solutions like reverse http and proxy servers.
But is there no out of the box one?

10X :)
Archives
Search
ElasticSearch
Nov 28, 2013
Week 48, 2013
November, 2013
Year 2013
All Answers
Answer by
David Pilato
on 2013-11-28T15:50:14-05:00
No. Nothing out of the box.
Nginx is nice for that.

-- 
David Pilato | Technical Advocate | Elasticsearch.com
@dadoonet | @elasticsearchfr

Le 28 novembre 2013 at 21:37:15, DanielR (danielrastaziv [ at ] gmail.com) a écrit:

Here's a question I couldn't find an answer to by searching the web..
How do I protect my data from being attacked by hostile sources?

I mean.. does anyone who has my server's ip can just send a DELETE request and kill my index?

I found solutions like reverse http and proxy servers.
But is there no out of the box one?

10X :)
Answer by
DanielR
on 2013-11-28T16:02:37-05:00
Ok.. that's what i thought..
also. I found this plugin supported by elasticsearch that can configure
nginx for me.

https://github.com/elasticsearch/cookbook-elasticsearch

MarsHut
Page 1/4
Protecting my data
Do you know anything about it?
Answer by
Karel MinarÌiÌk
on 2013-11-28T16:48:08-05:00
See the https://github.com/elasticsearch/cookbook-elasticsearch#nginx-proxy
section of the README: the cookbook allows you to define the users and
passwords, and automatically installs and configures Nginx with these
settings. You can check it with the provided Vagrant configuration, or you
can follow this tutorial:
http://www.elasticsearch.org/tutorials/deploying-elasticsearch-with-chef-solo/

For an example of denying methods in Nginx configuration, see e.g. this
StackOverflow answer: http://stackoverflow.com/a/8594977/95696

Karel
Answer by
DanielR
on 2013-11-28T16:52:24-05:00
I think i got it!
but what if a already have ES installed.
Do i really need to start all over again??
Answer by
Karel Minarik
on 2013-11-28T17:42:11-05:00
No, you can install just the proxy with the Chef cookbook, or you can extract the configuration and
set up Nginx separately.

Karel
Answer by
DanielR
on 2013-11-29T10:40:24-05:00
so all need to do is install chef cookbook and configure proxy in my
run_list?
and it will work for my existing Elasticsearch installation?
Answer by
Karel MinarÌiÌk
on 2013-11-29T11:03:22-05:00
Yes, download the cookbook to the server (scp, `knife upload`, etc), and include
"elasticsearch::proxy" in your run_list.

Configure the Nginx proxy accordingly. See e.g.
https://github.com/elasticsearch/cookbook-elasticsearch/blob/master/Vagrantfile#L151-L153

By default, it will point to `localhost:9200`, see
https://github.com/elasticsearch/cookbook-elasticsearch/blob/master/templates/default/elasticsearch
_proxy.conf.erb#L26

By the way, do notice that the stock template doesn't provide any filtering of HTTP methods, as you
originally wanted.

Karel
Answer by
DanielR
on 2013-11-29T11:13:48-05:00
my node.json looks like this:

MarsHut
Page 2/4
Protecting my data
"run_list": ["recipe[elasticsearch::plugins]",

"recipe[elasticsearch::nginx]",

"recipe[elasticsearch::proxy]" ],

"plugins" : {

"karmi/elasticsearch-paramedic" : {}

},

"nginx" : {

"users" : [ { "username" : "USERNAME", "password" : "PASSWORD" } ],

"allow_cluster_api" : true

and i keep getting the same error

"Chef::Exceptions::CookbookNotFound: Cookbook elasticsearch not found. If
you're loading elasticsearch from another cookbook, make sure you configure
the dependency in your metadata"

I think maybe I extracted it in the wrong directory..
Answer by
Karel MinarÌiÌk
on 2013-11-29T11:23:48-05:00
Yes, that might be true -- maybe follow some tutorial from Opscode to set up your system correctly.

Karel
Answer by
DanielR
on 2013-12-01T01:32:23-05:00
Gave up on the cookbook..
I just went and installed nginx myself.

If i got that right, I need to use ngx_http_dav_module and deny PUT and
DELETE requests, Right?

But no i have a different problem!
Answer by
Joergprante
on 2013-12-01T05:13:13-05:00
It's easy as that

server {
location / { limit_except PUT DELETE {
proxy_pass http://127.0.0.1:9200;

}}

Jörg
MarsHut
Page 3/4
Protecting my data
Answer by
DanielR
on 2013-12-01T16:26:50-05:00
10X!
that worked :)
Tagged
Hostile Sources
Proxy Servers
Question
Reverse Http
Searching
Related
question about facets and get full terms
Question regarding to the _score and _explanation.value
Providing HA/HP searching using ES
Question about Phrase Suggester's prefix_len
Question about scrolling
Question on read consistency
BigDesk question
Design question
Facets Optimization Question
Newbie question on searching
View Online
http://www.marshut.com/ihukwh/protecting-my-data.html
MarsHut
Page 4/4