https://github.com/elasticfence/elasticsearch-http-user-auth

HTTP Basic Authentication and IP ACL plugin for Elasticsearch :key: (UNMAINTAINED)
https://github.com/elasticfence/elasticsearch-http-user-auth

Last synced: 3 months ago
JSON representation

HTTP Basic Authentication and IP ACL plugin for Elasticsearch :key: (UNMAINTAINED)

• Host: GitHub
• URL: https://github.com/elasticfence/elasticsearch-http-user-auth
• Owner: elasticfence
• Created: 2015-11-06T16:59:39.000Z (about 9 years ago)
• Default Branch: 5.1.2
• Last Pushed: 2017-12-15T09:32:28.000Z (almost 7 years ago)
• Last Synced: 2024-05-28T13:28:43.932Z (6 months ago)
• Language: Java
• Homepage: http://qxip.net
• Size: 13.9 MB
• Stars: 148
• Watchers: 20
• Forks: 33
• Open Issues: 12
• Metadata Files:
  • Readme: README.md
  • Changelog: CHANGELOG.md

Awesome Lists containing this project

README

        
[![Build Status](https://travis-ci.org/elasticfence/elasticsearch-http-user-auth.svg?branch=5.1.2)](https://travis-ci.org/elasticfence/elasticsearch-http-user-auth)

![](http://i.imgur.com/OFFgrm8.png?1)

# Elasticfence - Elasticsearch HTTP Basic User Auth plugin

Elasticsearch user authentication plugin with http basic auth and IP ACL

This plugin provides user authentication APIs and a User management web console. 

## Installation 


bin/plugin install https://raw.githubusercontent.com/elasticfence/elasticsearch-http-user-auth/5.1.2/jar/elasticfence-5.1.2-SNAPSHOT.zip



#### Build with Maven


mvn package clean

bin/plugin install file:///path/to/repo/jar/elasticfence-5.1.2-SNAPSHOT.zip



## Configuration

### Enabling/Disabling Elasticfence


elasticfence.disabled: false



To disable the plugin set `elasticfence.disabled` to `true`

### Root Access


elasticfence.root.password: rootpassword



To set the root password on each start use `elasticfence.root.password`

**Only the root user can access ES's root APIs (like /_cat, /_cluster) and all indices.**  Other users can access URLs under their own indices that are specified with this plugin's API.

### Sharding Scheme


elasticfence.number_of_shards: 1

elasticfence.number_of_replicas: 3



Omit these config options to use the Elasticsearch defaults (currently 5 and 1 respectively), otherwise set them according to desired level of redundancy and cluster scheme.

### Basic IP ACL

IPs contained in whitelist array will bypass authentication, blacklisted IPs will be blocked.  All other IPs will show an authentication window.


elasticfence.whitelist: ["127.0.0.1", "10.0.0.1"]

elasticfence.blacklist: ["127.0.0.2", "10.0.0.99"]



To block all IPs that are not in the whitelist, use the following option for `elasticfence.blacklist`


elasticfence.blacklist: ["*"]



### Kibana 4

Add index filter "/.kibana" to a your_custom_username which you created on Elasticfence and set it in kibana.yml:


elasticsearch.username: your_custom_username

elasticsearch.password: your_custom_password



Add permissions to your kibana users using regex filters: 


/index.*,/_.*,/.kibana,/



#### Kibana 4.x Auth Plugin

To facilitate users and improve security, the optional Kibana Auth plugin can be deployed alongside Elastifence:

```

bin/kibana plugin --install kibana-auth-plugin -u https://github.com/elasticfence/kibana-auth-elasticfence/releases/download/snapshot/kauth-latest.tar.gz

```



---------------

## Add username and password on HTTP requests

The authentication method of this plugin is Basic Authentication. Therefore, you should add your username and password on URL string. For example: 


http://root:[email protected]:9200/



###### CURL


curl -u root:rootpassword http://your.elasticsearch.hostname:9200/



```javascript

{

  "status" : 200,

  "name" : "Piranha",

  "cluster_name" : "elastic1",

  "version" : {

    "number" : "1.7.3",

    "build_hash" : "05d4530971ef0ea46d0f4fa6ee64dbc8df659682",

    "build_timestamp" : "2015-10-15T09:14:17Z",

    "build_snapshot" : false,

    "lucene_version" : "4.10.4"

  },

  "tagline" : "You Know, for Search"

}

```


Plugins using ES's REST API also have to be set root password in their configurations.

The ways of configuring Marvel and Kibana 4 are below: 

#### Marvel 

elasticsearch.yml:


marvel.agent.exporter.es.hosts: ["root:[email protected]:9200"]



## User Management Console

## User Management API

This plugin provides a web API to manage users and permissions.

##### Add User:


http://your.elasticsearch.hostname:9200/_httpuserauth?mode=adduser&username=admin&password=somepass



##### Add Index Permissions:


http://your.elasticsearch.hostname:9200/_httpuserauth?mode=addindex&username=admin&index=index*



##### Update Index Permissions:


http://your.elasticsearch.hostname:9200/_httpuserauth?mode=updateindex&username=admin&index=index-*



##### Delete User:


http://your.elasticsearch.hostname:9200/_httpuserauth?mode=deleteuser&username=admin



##### List User(s):


http://your.elasticsearch.hostname:9200/_httpuserauth?mode=list



```javascript

[{ 

  "username":"admin",

  "password":"7080bfe27990021c562398e79823h920e9a38aa5d3b10c5ff5d8c498305",

  "indices":["/_*"],

  "created":"2015-11-06T21:57:21+0100"

}]

```