https://github.com/ev2900/opensearch_dashboard_nginx_proxy

Access the OpenSearch dashboard of a domain deployed in a private subnet via an Nginx proxy

# OpenSearch Dashboard Nginx Proxy

Amazon OpenSearch Service can deploy a domain in private VPC subnet(s). Deploying OpenSearch in a private subnet blocks traffic to the OpenSearch dashboard from the public internet.

An Nginx proxy can be configured on an EC2 instance in a public subnet (in the same VPC as the private subnet) to proxy traffic to the OpenSearch dashboard. **This lets you keep an OpenSearch domain deployed in a private subnet while its OpenSearch dashboard is accessible from the public internet.**

Follow the instructions below

1. Run the CloudFormation stack below

[![Launch CloudFormation Stack](https://sharkech-public.s3.amazonaws.com/misc-public/cloudformation-launch-stack.png)](https://console.aws.amazon.com/cloudformation/home#/stacks/new?stackName=os-nginx&templateURL=https://sharkech-public.s3.amazonaws.com/misc-public/opensearch_nginx.yaml)

The resources created by the CloudFormation stack are documented in the architecture below

[Architecture diagram: opensearch_nginx_yaml]

2. Install Nginx on EC2

SSH into the EC2 instance that was created by the CloudFormation stack and run the following commands on the terminal.

*Note* you will need to update the EC2 security group to allow incoming traffic from your IP address before you can SSH into the EC2 instance.

```sudo apt update```

```sudo apt install nginx```

## Create SSL self-signed certificate

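The OpenSearch dashboard URL uses HTTPS. Consequently, we need to have SSL enabled in our Nginx proxy. We will generate a self-signed certificate to use as part of our SSL configuration.

Run the following commands on the terminal of the EC2 instance created by the CloudFormation stack. The first command prompts for a passphrase and the second writes the same key back out without it, so despite its name public.key holds the unencrypted private key and should be readable only by root.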

```cd /etc/nginx/```

```sudo openssl genrsa -des3 -out /etc/nginx/private.key 2048```

```sudo openssl rsa -in private.key -out public.key```

```sudo openssl req -new -key public.key -out certificate_signing_request.csr```

```sudo openssl x509 -req -days 365 -in certificate_signing_request.csr -signkey public.key -out self_signed_certificate.crt```
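Before pointing Nginx at these files, it is worth confirming that the certificate matches the passphrase-free key, that the key is not readable by other users, and that the certificate is not about to expire. The script below is an added example, not part of the original repository; its function names are hypothetical and it assumes only the openssl CLI used in the steps above.

```shell
#!/usr/bin/env bash
# Added example: checks for the key/certificate pair created by the commands above.
# File names come from the README; the function names are hypothetical.

# SHA-256 digest of the public key embedded in certificate $1.
cert_pubkey_digest() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    printf '%s\n' "$cert_pub" | openssl dgst -sha256 -r | cut -d' ' -f1
}

# SHA-256 digest of the public key derived from private key $1.
# "-passin pass:" supplies an empty passphrase, so an encrypted key (such as
# private.key) fails here instead of prompting.
key_pubkey_digest() {
    key_pub=$(openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null) || return 1
    printf '%s\n' "$key_pub" | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Succeeds only if file $1 grants no permissions to group or other.
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Succeeds if certificate $1 is still valid $2 days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# usage: check_pair CERT KEY  -> prints "ok" or the first problem found
check_pair() {
    c_dig=$(cert_pubkey_digest "$1") || { echo "unreadable certificate: $1"; return 1; }
    k_dig=$(key_pubkey_digest "$2") || { echo "key unreadable or passphrase-protected: $2"; return 1; }
    [ "$c_dig" = "$k_dig" ] || { echo "certificate and key do not match"; return 1; }
    key_is_private "$2" || { echo "key readable by group/other: $2"; return 1; }
    cert_valid_for_days "$1" 30 || { echo "certificate expires within 30 days"; return 1; }
    echo "ok"
}

# Run as: sudo ./check_pair.sh self_signed_certificate.crt public.key
if [ "$#" -eq 2 ]; then
    check_pair "$1" "$2"
fi
```

If the key check fails on permissions, `sudo chmod 600` on the key file fixes it.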

## Configure Nginx

1. Run the following commands on the terminal of the EC2 instance created by the CloudFormation stack (from /etc/nginx, where the previous section left you)

```cd sites-enabled```

```sudo vim default```

Delete all of the content in the default file. Update the 3 placeholders in the [ngnix_config](https://github.com/ev2900/OpenSearch_Dashboard_Nginx_Proxy/blob/main/ngnix_config) file. Copy/paste the updated [ngnix_config](https://github.com/ev2900/OpenSearch_Dashboard_Nginx_Proxy/blob/main/ngnix_config) into the default file. Save and close the default file.

2. Restart / start Nginx

Restart the Nginx service so that the changes made to the configuration take effect. Run the following command on the terminal of the EC2 instance created by the CloudFormation stack

```sudo service nginx restart```

If you need to stop or start Nginx, issue the commands below as needed

```sudo service nginx start```

```sudo service nginx stop```

3. Access the OpenSearch dashboard via the public internet

To access the OpenSearch dashboard, ensure that the EC2 security group accepts incoming traffic from your source. In a web browser navigate to https:///_dashboards

Your web browser may flag the website as insecure. This is because we are using a self-signed SSL certificate instead of an SSL certificate signed by a trusted authority. Proceed to the website. You will see the OpenSearch dashboard log in page.

[Screenshot: log_in]

## Future Improvement(s)
1. Containerize Nginx server
2. High availability Nginx server (i.e. two servers behind an Elastic Load Balancer)