Feature Request: HTTP Authentication when accessing ElasticSearch about elasticsearch-head HOT 7 CLOSED

The Authentication is somehow not working for me.
I cloned the project, opened index.html and tried sending the following query parameter :
?base_uri=http://eshost:9200/&auth_user=user&auth_password=pass
All the XHRs fail with a 401. I checked the headers and there is no trace of "Authorization: Basic " in the headers.
app.js sets it for the ajax requests though.
Have tried all possible permutations and combinations. Reverse proxy on the es host, http basic plugin. The curl calls succeed. So it's not an issue with the es setup.

Can anyone tell me where to look next?

from elasticsearch-head.

elasticsearch-head already supports basic auth. You need to specify the u/p as url params. see
https://github.com/mobz/elasticsearch-head/blob/master/README.textile for more info

On 19/07/2013, at 5:53 PM, Hans-Peter Störr [email protected] wrote:

If you use ElasticSearch in production, you will need to protect access to the ElasticSearch API if it contains non public data. I guess this will usually be done with a firewall, but there are cases where simple HTTP authentication makes sense - for instance if you want to give developers / testers direct access by routing the API through an Apache and protecting the routed location. It would be nice if this was supported by elasticsearch-head.

—
Reply to this email directly or view it on GitHub.

from elasticsearch-head.

Oops! Sorry about that!

By the way: I could not get it to work as described. No Idea why - maybe that is since I am using elasticsearch-head as an external application, and used an apache to check the HTTP authentication. No Authenticate header was constructed for me for some reason.
But it did work when I simply used the https://:@vkc.mms-dresden.telekom.de/elasticsearch/ syntax for the URL - without the auth_user and auth_password parameters. Maybe you could put that suggestion into the documentation.

All of these solutions are somewhat troublesome, though: you end up putting a passwort into a bookmark. 8-} It'd probably be better to pop up a form.

from elasticsearch-head.

Aah, the url param auth is when you can access head plugin without authentication, but need authentication to reach the elasticsearch node. As you have discovered, regular url params work for a protected plugin. And yes, leaving passwords in bookmarks is not ideal

from elasticsearch-head.

I concur with with @guptakaran11 that this is not working properly, at least in the current version of the plugin - possibly a regression. I can replicate the behavior - headers are not being passed on requests in chrome at least. @mobz I think this should be re-opened.

from elasticsearch-head.

Same issue for me.

from elasticsearch-head.

@davetwofeetonthedirt I ended up putting the ES instance on private VPC. The ES instance does not require auth and is not connected to the public network. It can be accessed via a reverse proxy (nginx in my case) that takes care of auth.

Maybe this will help you.

from elasticsearch-head.