有没有办法阻止访问 Elasticsearch 内置的 API,例如 /_nodes? , /_cluster, /_cat 等等?
Is there anyway to prevent access to Elasticsearch built-in API's such as /_nodes? , /_cluster, /_cat etc.?
我是 Elasticsearch 的新手,对 Elasticsearch 有非常基本的了解。
So, let me first give little description about my problem statement. In my organisation, we have elasticsearch cluster made up of 3-nodes on unix boxes. discovery.zen.ping.unicast.hosts: ["xx.xx.xx.1", "xx.xx.xx.2", "xx.xx.xx.3"]
. Everything works fine, but within the organisation private network one can access the Elasticsearch built-in API's such as /_nodes? , /_cluster, etc
using the private IP's.
如何防止对 API 的内部网络进行此类未经授权的访问? elasticsearch 中是否有任何 ACL 功能,或者我是否必须在其上安装一些 nginx 网络服务器并阻止对 url 的访问。
您可以使用 x-pack basic security which is included for free in the latest versions of Elasticsearch and provide username/password based access and many more ways to control the access, refer x-pack license detail 获取更多信息
我是 Elasticsearch 的新手,对 Elasticsearch 有非常基本的了解。
So, let me first give little description about my problem statement. In my organisation, we have elasticsearch cluster made up of 3-nodes on unix boxes.
discovery.zen.ping.unicast.hosts: ["xx.xx.xx.1", "xx.xx.xx.2", "xx.xx.xx.3"]
. Everything works fine, but within the organisation private network one can access the Elasticsearch built-in API's such as/_nodes? , /_cluster, etc
using the private IP's.
如何防止对 API 的内部网络进行此类未经授权的访问? elasticsearch 中是否有任何 ACL 功能,或者我是否必须在其上安装一些 nginx 网络服务器并阻止对 url 的访问。
您可以使用 x-pack basic security which is included for free in the latest versions of Elasticsearch and provide username/password based access and many more ways to control the access, refer x-pack license detail 获取更多信息