问题: elasticsearch 需要访问控制 还不给钱,买X-Pack
解决: nginx 鉴权
上内容
安装elasticsearch 开放端口9201 只允许本机访问
upstream elasticsearch {
server 127.0.0.1:9201;
keepalive 15;
}
server {
listen 9200;
server_name localhost;
#charset koi8-r;
#access_log /var/log/nginx/host.access.log main;
location / {
proxy_pass http://elasticsearch;
proxy_http_version 1.1;
proxy_set_header Connection "Keep-Alive";
proxy_set_header Proxy-Connection "Keep-Alive";
auth_basic "login";
auth_basic_user_file /etc/nginx/conf.d/htpasswd;
autoindex on;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
springboot 工程加入配置
package com.physicalpoint.imss.job.config;
import org.apache.commons.codec.binary.Base64;
import org.apache.http.Header;
import org.apache.http.HttpHost;
import org.apache.http.message.BasicHeader;
import org.elasticsearch.client.RestClient;
import org.elasticsearch.client.RestClientBuilder;
import org.elasticsearch.client.RestHighLevelClient;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.DisposableBean;
import org.springframework.beans.factory.FactoryBean;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import java.nio.charset.Charset;
import java.util.ArrayList;
import java.util.List;
@Configuration
public class ElasticsearchConfig implements FactoryBean<RestHighLevelClient>, InitializingBean, DisposableBean {
private static final Logger logger = LoggerFactory.getLogger(ElasticsearchConfig.class);
@Value("#{'${spring.data.elasticsearch.cluster-nodes}'.split(',')}")
private List<String> clusterNodes = new ArrayList<>();
@Value("${spring.data.elasticsearch.username}")
private String username;
@Value("${spring.data.elasticsearch.password}")
private String password;
private RestHighLevelClient restHighLevelClient;
protected void buildClient() {
List<HttpHost> httpHostList = new ArrayList<>();
if (clusterNodes.isEmpty()) {
throw new RuntimeException("ElasticSearch client create error: cluster-nodes is null");
}
clusterNodes.stream().forEach(hostInfo -> {
String[] hostInfoArray = hostInfo.split(":");
httpHostList.add(new HttpHost(hostInfoArray[0], Integer.valueOf(hostInfoArray[1]), "http"));
});
RestClientBuilder builder = RestClient.builder(httpHostList.toArray(new HttpHost[0]));
Header[] defaultHeaders = new Header[]{new BasicHeader("Authorization",
"Basic " + Base64.encodeBase64String(new StringBuffer()
.append(username).append(":").append(password)
.toString().getBytes(Charset.forName("UTF-8"))))};
builder.setDefaultHeaders(defaultHeaders).setMaxRetryTimeoutMillis(10000);
restHighLevelClient = new RestHighLevelClient(builder);
}
@Override
public void destroy() throws Exception {
try {
if (restHighLevelClient != null) {
restHighLevelClient.close();
}
} catch (final Exception e) {
logger.error("Error closing ElasticSearch client: ", e);
}
}
@Override
public RestHighLevelClient getObject() throws Exception {
return restHighLevelClient;
}
@Override
public Class<?> getObjectType() {
return RestHighLevelClient.class;
}
@Override
public void afterPropertiesSet() throws Exception {
buildClient();
}
@Override
public boolean isSingleton() {
return false;
}
}
springboot 配置 yaml
spring:
data:
elasticsearch:
cluster-nodes: es服务ip:9200
username: 账号
password: 密码
elasticsearch:
rest:
uris: ${spring.data.elasticsearch.cluster-nodes}
nginx 配置加入密码控制
通过在线htpasswd生成器生成一个账号密码在线htpasswd生成器 - 码工具 加密方式选择Crypt,生成密码串后,加入到密码文件中 (elastic/wudian2019密码不要有特殊字符) 增加密码文件
vim /etc/nginx/conf.d/htpasswd
加入内容 elastic:0EUzrQD9IWsXI 账号密码自定义
效果
搞定,收工!! 有免费白嫖的 评论区见!!