Elasticsearch with user authentication not working?

milni · December 27, 2020, 2:21pm

Hi,

I am not able to get the full text search working when user authentication for ElasticSearch server is on.

Open Distro for Elasticsearch (by Amazon) up and running in docker container on Arch Linux server, listening at port 9201.
iptables on server have the port 9201 accessible for any docker container.
Nextcloud 19 is also running in a docker container.

I can check that search works:

docker exec -ti nextcloud /bin/sh -c 'curl -X GET "https://elastic.server.com:9201/nextcloud/_search?q="lookingforsomething"&pretty" -k -u nextcloud:blablabla'  --cacert /etc/letsencrypt/letsencrypt_root_ca.pem

This returns the expected result.

However, when I include the user authentication to Nextcloud Admin GUI for full text search as https://nextcloud:blablabla@elastic.server.com:9201 and with index nextcloud, I can see in nextcloud.log that No alive nodes found in your cluster…

Any idea what could be wrong?

milni · December 27, 2020, 2:25pm

For the time being, I worked around that problem by setting up an nginx proxy just for nextcloud:

# The header Authorization:
# `echo -n "user:psdwd" | base64`
# dXNlcjpwYXNzd29yZA==

# For nextcloud
server {
    listen 192.168.0.10:19201;
    server_name _;
    location / {
        proxy_set_header Host $host;
        proxy_set_header Authorization $http_authorization;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass https://elastic.server.com:9201;
        proxy_set_header Authorization "Basic dXNlcjpwYXNzd29yZA==";
        proxy_buffer_size          128k;
        proxy_buffers              4 256k;
        proxy_busy_buffers_size    256k;
    }
}