This plugin provides an extension of ElasticSearchs HTTP Transport module to enable HTTP basic authentication and/or Ip based authentication.
Requesting / does not request authentication to simplify health check configuration.
There is no way to configure this on a per index basis.
| Http Basic Plugin | elasticsearch |
|---|---|
| v0.0.1 | 6.3.2 |
| v0.1.0 | 7.6.0 |
| v0.2.0 | 7.12.0 |
| v0.3.0 | 7.13.3 |
Download the desired version from https://github.com/Cleafy/elasticsearch6-http-basic/releases and copy it to plugins/http-basic.
Once the plugin is installed it can be configured in the elasticsearch modules configuration file. See the elasticserach directory layout information for more information about the default paths of an ES installation.
| Setting key | Default value | Notes |
|---|---|---|
http.basic.enabled |
true | true disables the default ES HTTP Transport module |
http.basic.user |
"admin" | |
http.basic.password |
"admin_pw" | |
http.basic.log |
false | enables plugin logging to ES log. Unauthenticated requests are always logged. |
Be aware that the password is stored in plain text.
see this article
The following code enables plugin logging, sets user and password.
http.basic.enable: true
http.basic.log: true
http.basic.user: "some_user"
http.basic.password: "some_password"
note: localhost is a whitelisted ip as default. Considering a default configuration with my_username and my_password configured.
Correct credentials
$ curl -v --user my_username:my_password no_local_host:9200/foo # works (returns 200) (if credentials are set in configuration)
Wrong credentials
$ curl -v --user my_username:wrong_password no_local_host:9200/ # health check, returns 200 with "{\"OK\":{}}" although Unauthorized
$ curl -v --user my_username:password no_local_host:9200/foo # returns 401
Please file your issue here: https://github.com/Cleafy/elasticsearch6-http-basic/issues