我知道如何僅允許GET請求(更多在這裏爲http://brudtkuhl.com/securing-elasticsearch/),但在我的情況下,最好將nginx反向代理配置爲僅允許_search端點。而且我無法找到一種辦法。 任何人都可以幫助我嗎?用於ElasticSearch的Nginx反向代理僅允許_search端點
只是要清楚我要使用angularjs來查詢elasticsearch。我想盡可能快地完成。我不能讓它絕對開放,但縮小對_search enpoint的查詢將是完美的。似乎Nginx能夠做到這一點,但我不知道如何。
必須有一些「如果」內部配置或正則表達式我想聲明...
由於概念證明我結束了這一點。如果不先檢查後果,請不要使用它。
events {
worker_connections 1024;
}
http {
upstream elasticsearch {
server 127.0.0.1:9200;
keepalive 15;
}
server {
listen: 8080;
# ES backend for search autocomplete
# 1. Allow only GET requests.
# 2. Capture the search_term which cannot contain the " character.
# 3. Rewrite the request to the desired index's _search elasticsearch endpoint.
# 4. Build the request body by concatenating the appropriate json with the search_term.
# 5. proxy_pass the translated request to elasticsearch.
location ~* ^/search/autocomplete/(?<search_term>[^"]+)$ {
if ($request_method != GET) {
return 403;
}
proxy_http_version 1.1;
proxy_set_header Connection "Keep-Alive";
proxy_set_header Proxy-Connection "Keep-Alive";
set $search_prefix '{"query":{"match":{"user.name":"';
set $search_suffix '"}},"highlight":{"pre_tags":["<strong>"],"post_tags":["</strong>"],"fields":{"user.name":{}}}}';
set $search $search_prefix$search_term$search_suffix;
proxy_set_body $search;
proxy_redirect off;
proxy_buffering off;
rewrite ^.*$ /my_index/blogpost/_search break;
proxy_pass http://elasticsearch;
}
# All other requests go to the web application server.
location/{
proxy_pass http://server;
}
}
}