保护弹性材料 [英] Securing elasticsearch

问题描述

我完全是弹性游戏的新手，但我非常喜欢。唯一无法找到并且无法完成的是确保生产系统的弹性搜索。我读了很多关于在弹性搜索前使用nginx作为代理，但是我从来没有使用过 nginx ，从来没有使用代理。

这是确保生产系统中弹性搜索的典型方式吗？

如果是，有没有任何教程或漂亮的阅读可以帮助我实现这个功能。我真的想在我们的生产系统中使用弹性搜索，而不是solr和tomcat。

解决方案

有一篇关于保护Elasticsearch的文章以下几点要注意： http://www.found.no/foundation/弹性搜索安全性/ （完全披露：我写了它并为Found找到工作）

还有一些你应该知道的事情： http://www.found.no/foundation/elasticsearch-in-production/

总结总结：

目前，Elasticsearch不认为安全性是其工作。 Elasticsearch没有用户的概念。基本上，任何可以向您的群集发送任意请求的人都是超级用户。

1. 禁用动态脚本。它们是危险的。


2. 了解有时需要将配置限制为将访问控制限制到索引。


3. 考虑多个租户的性能影响，一个弱点或者一个错误的查询可能会导致整个群集崩溃！

I am completely new to elasticsearch but I like it very much. The only thing I can't find and can't get done is to secure elasticsearch for production systems. I read a lot about using nginx as a proxy in front of elasticsearch but I never used nginx and never worked with proxies.

Is this the typical way to secure elasticsearch in production systems?

If so, are there any tutorials or nice reads that could help me to implement this feature. I really would like to use elasticsearch in our production system instead of solr and tomcat.

解决方案

There's an article about securing Elasticsearch which covers quite a few points to be aware of here: http://www.found.no/foundation/elasticsearch-security/ (Full disclosure: I wrote it and work for Found)

There's also some things here you should know: http://www.found.no/foundation/elasticsearch-in-production/

To summarize the summary:

At the moment, Elasticsearch does not consider security to be its job. Elasticsearch has no concept of a user. Essentially, anyone that can send arbitrary requests to your cluster is a "super user".

1. Disable dynamic scripts. They are dangerous.
2. Understand the sometimes tricky configuration is required to limit access controls to indexes.
3. Consider the performance implications of multiple tenants, a weakness or a bad query in one can bring down an entire cluster!

这篇关于保护弹性材料的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！