How can I protect my elasticsearch instances?
dan last edited by
I am running fusionauth with the elasticsearch search engine. How can I protect that?
dan last edited by dan
There are a few ways to do this.
This assumes that you are running elasticsearch on a different server than you are running the fusionauth instances. If they are on the same server, you should be fine, as that is the default configuration.
The first is at the network level, using a firewall or something like security groups on AWS. If you are doing this, you can configure the server that elasticsearch is installed on to accept requests only from the server that FusionAuth is installed on.
The second is to use basic authentication. That is, set the fusionauth.properties file, or the FUSIONAUTH_SEARCH_SERVERS environment variable, to include the basic username and password: https://user:email@example.com. And make sure to set up elastic to use basic auth, using whatever authentication source you'd like. (You could even go meta and have elasticsearch auth the user against the fusionauth instance.)
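
A pre-deployment check for the basic-auth option described in the answer above, as an added example that is not part of the original post or FusionAuth's own code. It audits a FUSIONAUTH_SEARCH_SERVERS value for missing credentials and for credentials sent over plain http, and redacts the password for logging. The host names and credentials are constructed, and treating the value as a comma-separated list is an assumption.

```python
import os
from urllib.parse import urlsplit


def audit_search_servers(value):
    """Return [(redacted_url, [problems])] for each URL in the setting.

    Assumption: several servers are written as a comma-separated list.
    """
    results = []
    for raw in (v.strip() for v in value.split(",")):
        if not raw:
            continue
        parts = urlsplit(raw)
        problems = []
        if parts.username is None or parts.password is None:
            problems.append("no basic-auth credentials")
        elif parts.scheme != "https":
            # Basic auth is only base64; without TLS the password is readable on the wire.
            problems.append("credentials sent over cleartext http")
        try:
            port = parts.port
        except ValueError:
            # Typical cause: an unencoded '/' or ':' inside the password.
            port = None
            problems.append("malformed URL, percent-encode the credentials")
        hostport = (parts.hostname or "?") + (f":{port}" if port else "")
        userinfo = f"{parts.username}:***@" if parts.username is not None else ""
        # Never echo the password (or the path, which may hold part of it).
        results.append((f"{parts.scheme}://{userinfo}{hostport}", problems))
    return results


if __name__ == "__main__":
    # Constructed sample used when the variable is not set.
    sample = ("http://fusionauth:s3cret@es1.example.internal:9200,"
              "https://fusionauth:s3cret@es2.example.internal:9200")
    value = os.environ.get("FUSIONAUTH_SEARCH_SERVERS", sample)
    for url, problems in audit_search_servers(value):
        print(url, "OK" if not problems else "; ".join(problems))
```
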