How do I define security access in Elasticsearch? I have the elasticsearch-head plugin but your access doesn't require any security.

The plugin mentioned in this answer is no longer being actively supported.

There is no built-in access control in elasticsearch. So, you would need to setup a reverse proxy (here is a blog post how to setup nginx), use one of the 3rd party elasticsearch plugins such as https://github.com/Asquera/elasticsearch-http-basic or use the official security plugin Shield.

<shamelessPlug>

Sorry but I have serious doubts about all these plugins and proxies that only try to capture queries with sloppy regex's at HTTP level.

Will you regex all the possible ES syntax that may perform a write? How do you filter by index? How about index aliases? Multi-index queries?

The only clean way to do the access control is AFTER ElasticSearch has parsed the queries. This is exactly what Shield does after all!

I wrote a MIT licensed plugin (readonly-rest-plugin) that does exactly this.

You can match request by:

• ✔️ Host name, IP and IP with Netmask

• ✔️ Indices (wildcards supported) and index aliases are resolved

• ✔️ HTTP Basic Auth

It has also first class support for Kibana authentication :)

</shamelessPlug>

Elasticsearch now have security plugin http://www.elasticsearch.org/blog/shield-know-security-coming-soon/

Update: This work pretty well and is (for the moste features) free and open source: https://github.com/floragunncom/search-guard

NOTE: The plugin mentioned in this article is no longer being maintained

Maybe this helps: https://github.com/salyh/elasticsearch-security-plugin

This plugin adds http/rest security functionality to Elasticsearch in kind of separate modules. Instead of Netty a embedded Tomcat 7 is used to process http/rest requests.

Currently for user based authentication and authorization Kerberos and NTLM are supported through 3rd party library waffle (only on windows servers). For UNIX servers Kerberos is supported through 3rd party library tomcatspnegoad (Works with any kerberos implementation. For authorization either Active Directory and generic LDAP is supported).

You can use this plugin also without Kerberos/NTLM but then only host based authentication is available.

If you want to use the basic authentication with Kibana3, here is my solution:

https://github.com/fangli/kibana-authentication-proxy

Support not only basicAuth ES backend, but also GoogleOAuth and BasicAuth for the client. Please give a star if it works for you, thanks.

Try Shield. It has Authentication and Authorization. For now it needs a license. Won't be too long before people create similar open source plugins.

I am very novice in ElasticSearch, yet I feel that X-Pack plugin should appear here as an answer: https://www.elastic.co/guide/en/x-pack/current/index.html

It is my understanding that X-Pack is now the de-facto standard for securing ElasticSearch (and much more), including authentication.

The only preferable way to enable security in Elasticsearch is through the plugin X-Pack.

https://www.elastic.co/guide/en/x-pack/current/xpack-introduction.html

This is a multipurpose plugin and will fit well for the security purposes, as you can also use monitoring and configure the alerts and notifications as per your needs.

As it is already highly recognized, I'm sure Elasticsearch will continue with this for login.

Regarding a specific solution to this problem, I ran across the following that is a simple implementation of a reverse proxy approach as mentioned in other answers:

https://gist.github.com/jpluscplusm/9227777

As a caveat, it seems at least some at Elasticsearch proper don't consider nginx to be the optimal solution, but I think that depends on the specifics of your authentication requirements (RBAC, user count, number of indexes, frequency of access list modifications). For some users (including myself) the first example is sufficient.

http://www.elasticsearch.org/blog/restricting-users-kibana-filtered-aliases/

If you find that your requirement specifics arent met by nginx, something like this might work: https://github.com/lukas-vlcek/node.es

As ElasticSearch is kinda of a database service, you probably wouldn't want it to be exposed publicly anyway.

I don't trust plugins to do that for me, so I did with a nginx proxy.

This tutorial is very very helpful:

http://www.minvolai.com/blog/2014/08/Setting-up-a-Secure-Single-Node-Elasticsearch-server-behind-Nginx/Setting-up-a-Secure-Single-Node-Elasticsearch-server-behind-Nginx/