{"id":18358997,"url":"https://github.com/ev2900/opensearch_dashboard_nginx_proxy","last_synced_at":"2025-04-06T13:31:41.162Z","repository":{"id":50658438,"uuid":"519652879","full_name":"ev2900/OpenSearch_Dashboard_Nginx_Proxy","owner":"ev2900","description":"Access the OpenSearch dashboard of a domin deployed in a private subnet via. a Nginx Proxy","archived":false,"fork":false,"pushed_at":"2025-03-30T01:11:16.000Z","size":168,"stargazers_count":10,"open_issues_count":1,"forks_count":6,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-03-30T02:22:29.720Z","etag":null,"topics":["aws","nginx","nginx-configuration","nginx-proxy","opensearch","opensearch-dashboards"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ev2900.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-07-31T01:13:42.000Z","updated_at":"2025-03-30T01:11:17.000Z","dependencies_parsed_at":"2024-03-03T01:42:20.012Z","dependency_job_id":"829436fd-17ba-4e92-abe6-0a1fcf5bd118","html_url":"https://github.com/ev2900/OpenSearch_Dashboard_Nginx_Proxy","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ev2900%2FOpenSearch_Dashboard_Nginx_Proxy","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ev2900%2FOpenSearch_Dashboard_Nginx_Proxy/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ev2900%2FOpenSearch_Dashboard_Nginx_Proxy/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ev2900%2FOpenSearch_Dashboard_Nginx_Proxy/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ev2900","download_url":"https://codeload.github.com/ev2900/OpenSearch_Dashboard_Nginx_Proxy/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247488548,"owners_count":20946957,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","nginx","nginx-configuration","nginx-proxy","opensearch","opensearch-dashboards"],"created_at":"2024-11-05T22:20:17.946Z","updated_at":"2025-04-06T13:31:41.153Z","avatar_url":"https://github.com/ev2900.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# OpenSearch Dashboard Nginx Proxy\n\n\u003cimg width=\"275\" alt=\"map-user\" src=\"https://img.shields.io/badge/cloudformation template deployments-162-blue\"\u003e \u003cimg width=\"85\" alt=\"map-user\" src=\"https://img.shields.io/badge/views-11645-green\"\u003e \u003cimg width=\"125\" alt=\"map-user\" src=\"https://img.shields.io/badge/unique visits-3419-green\"\u003e\n\nAmazon OpenSearch services can deploy a domain in a private VPC, subnet(s). Deploying OpenSearch in a private subnet blocks traffic to the OpenSearch dashboard via. the public internet.\n\nA Nginx proxy can be configured on an Ec2 in a public subnet (in the same VPC as the private subnet) to proxy traffic to the OpenSearch dashboard. **Enabling you to have a OpenSearch domain deployed in a private subnet with a OpenSearch dashboard accessible from the public internet**\n\nFollow the instructions below\n\n1. Run the CloudFormation stack below\n\n[![Launch CloudFormation Stack](https://sharkech-public.s3.amazonaws.com/misc-public/cloudformation-launch-stack.png)](https://console.aws.amazon.com/cloudformation/home#/stacks/new?stackName=os-nginx\u0026templateURL=https://sharkech-public.s3.amazonaws.com/misc-public/opensearch_nginx.yaml)\n\nThe resources created by the CloudFormation stack are documented in the architecture below\n\n\n\u003cimg alt=\"opensearch_nginx_yaml\" src=\"https://github.com/ev2900/OpenSearch_Dashboard_Nginx_Proxy/blob/main/Read_Me_Architecture/ReadMe_Architecture.png\"\u003e\n\n2. Install NGINX on Ec2\n\nSSH into the Ec2 that was created by the cloudformation and run the following commands on the terminal.\n\n*Note* you will need to update the ec2 security group to allow incoming traffic from your IP address before you can SSH into the Ec2 instance.\n\n```sudo apt update```\n\n```sudo apt install nginx```\n\n## Create SSL self-signed certificate\n\nThe OpenSearch dashboard URL uses https. Consequently we need to have SSL enabled in our Nginx proxy. We will generate a self-signed certificate to use as part of our SSL configuration.\n\nRun the following commands on the terminal of the Ec2 created by the cloudformation\n\n```cd /etc/nginx/```\n\n```sudo openssl genrsa -des3 -out /etc/nginx/private.key 2048```\n\n```sudo openssl rsa -in private.key -out public.key```\n\n```sudo openssl req -new -key public.key -out certificate_signing_request.csr```\n\n```sudo openssl x509 -req -days 365 -in certificate_signing_request.csr -signkey public.key -out self_signed_certificate.crt```\n\n## Configure Nginx\n\n1. Run the following commands on the terminal of the Ec2 created by the cloudformation\n\n```cd sites-enabled```\n\n```sudo vim default```\n\nDelete all of the content in the default file. Update the 3 \u003cos_domain_url\u003e placeholders in the [ngnix_config](https://github.com/ev2900/OpenSearch_Dashboard_Nginx_Proxy/blob/main/ngnix_config) file. Copy/past the updated [ngnix_config](https://github.com/ev2900/OpenSearch_Dashboard_Nginx_Proxy/blob/main/ngnix_config) into the default file. Save and close the default file.\n\n2. Restart / start Nginx\n\nRestart the Nginx service to have the changes made to the configuration take effect. Run the following commands on the terminal of the Ec2 created by the cloudformation\n\n```sudo service nginx restart```\n\nIf you need to stop or start Nginx issue the commands below as needed\n\n```sudo service nginx start```\n\n```sudo service nginx stop```\n\n3. Access OpenSearch dashboard via. public internet\n\nTo access the OpenSearch dashboard ensure that the ec2 security group will accept incoming traffic for your source. In a web browser navigate to https://\u003cec2's-public-ip\u003e/_dashboards\n\nYour web browser may flag the website as insecure. This is because we are using a self-signed SSL certificate instead of a SSL certificate signed by a trusted authority. Procced to the website. You will see the OpenSearch dashboard log in page.\n\n\u003cimg width=\"550\" alt=\"log_in\" src=\"https://user-images.githubusercontent.com/5414004/182025931-a0acec68-452f-441c-98f2-a091cfb04091.png\"\u003e\n\n## Future Improvement(s)\n1. Containerize Nginx server\n2. High availability Nginx server (ie. two servers behind an elastic load balancer)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fev2900%2Fopensearch_dashboard_nginx_proxy","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fev2900%2Fopensearch_dashboard_nginx_proxy","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fev2900%2Fopensearch_dashboard_nginx_proxy/lists"}