-
Notifications
You must be signed in to change notification settings - Fork 81
/
Copy pathelasticsearch-acl.cfg
42 lines (38 loc) · 1.52 KB
/
elasticsearch-acl.cfg
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
# vim:ts=4:sts=4:sw=4:et
#
# Author: Hari Sekhon
# Date: 2017-12-16 10:05:42 +0000 (Sat, 16 Dec 2017)
#
# https://github.com/HariSekhon/HAProxy-configs
#
# License: see accompanying Hari Sekhon LICENSE file
#
# If you're using my code you're welcome to connect with me on LinkedIn and optionally send me feedback to help steer this or other code I publish
#
# https://www.linkedin.com/in/HariSekhon
#
# ============================================================================ #
# H A P r o x y - E l a s t i c s e a r c h
# +
# A u t h e n t i c a t i o n A C L
# ============================================================================ #
userlist elasticsearch
user esuser insecure-password espass
group esgroup users esuser
frontend elasticsearch
description "Elasticsearch + Basic HTTP Authentication ACL"
bind *:9200
default_backend elasticsearch-acl
backend elasticsearch-acl
description "Elasticsearch + Basic HTTP Authentication ACL"
balance roundrobin
acl internal_networks src 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8 127.0.0.1
acl auth_ok http_auth_group(elasticsearch) esgroup
http-request auth realm Elasticsearch unless auth_ok
http-request deny if ! internal_networks auth_ok
option httpchk GET /
http-check expect string lucene_version
timeout http-request 5s
server elasticsearch elasticsearch:9200 check
server docker docker:9200 check
server 192.168.99.100 192.168.99.100:9200 check