Comments (7)
The Authentication is somehow not working for me.
I cloned the project, opened index.html and tried sending the following query parameter :
?base_uri=http://eshost:9200/&auth_user=user&auth_password=pass
All the XHRs fail with a 401. I checked the headers and there is no trace of "Authorization: Basic " in the headers.
app.js sets it for the ajax requests though.
Have tried all possible permutations and combinations. Reverse proxy on the es host, http basic plugin. The curl calls succeed. So it's not an issue with the es setup.
Can anyone tell me where to look next?
from elasticsearch-head.
elasticsearch-head already supports basic auth. You need to specify the u/p as url params. see
https://github.com/mobz/elasticsearch-head/blob/master/README.textile for more info
On 19/07/2013, at 5:53 PM, Hans-Peter Störr [email protected] wrote:
If you use ElasticSearch in production, you will need to protect access to the ElasticSearch API if it contains non public data. I guess this will usually be done with a firewall, but there are cases where simple HTTP authentication makes sense - for instance if you want to give developers / testers direct access by routing the API through an Apache and protecting the routed location. It would be nice if this was supported by elasticsearch-head.
—
Reply to this email directly or view it on GitHub.
from elasticsearch-head.
Oops! Sorry about that!
By the way: I could not get it to work as described. No Idea why - maybe that is since I am using elasticsearch-head as an external application, and used an apache to check the HTTP authentication. No Authenticate header was constructed for me for some reason.
But it did work when I simply used the https://:@vkc.mms-dresden.telekom.de/elasticsearch/ syntax for the URL - without the auth_user and auth_password parameters. Maybe you could put that suggestion into the documentation.
All of these solutions are somewhat troublesome, though: you end up putting a passwort into a bookmark. 8-} It'd probably be better to pop up a form.
from elasticsearch-head.
Aah, the url param auth is when you can access head plugin without authentication, but need authentication to reach the elasticsearch node. As you have discovered, regular url params work for a protected plugin. And yes, leaving passwords in bookmarks is not ideal
from elasticsearch-head.
I concur with with @guptakaran11 that this is not working properly, at least in the current version of the plugin - possibly a regression. I can replicate the behavior - headers are not being passed on requests in chrome at least. @mobz I think this should be re-opened.
from elasticsearch-head.
Same issue for me.
from elasticsearch-head.
@davetwofeetonthedirt I ended up putting the ES instance on private VPC. The ES instance does not require auth and is not connected to the public network. It can be accessed via a reverse proxy (nginx in my case) that takes care of auth.
Maybe this will help you.
from elasticsearch-head.
Related Issues (20)
- Unable to load in Brave browser HOT 3
- npm install 报错: HOT 2
- docker get error
- Bearer token authentication support HOT 1
- unable to login to elasticsearch-head HOT 1
- How to run elasticsearch-head permanently HOT 8
- How should I configure nginx proxy and elasticsearch-head (public network) HOT 2
- How to connect to ES via HTTPS? HOT 1
- 复合查询条件不生效 HOT 1
- Unable to install mobz/elasticsearch-head HOT 1
- Unable to install mobz/elasticsearch-head Part 2 HOT 1
- How to connect to elasticsearch 7 ? HOT 2
- 是否已经支持elasticsearch 8.0? HOT 2
- 推荐一下自己写的es管理工具 https://github.com/1340691923/ElasticView HOT 3
- world load fail HOT 1
- Chrome Web Store ElasticSearch Head installation link is broken HOT 2
- After install nothing happens in the UI HOT 2
- elasticsearch 8.6.0 cluster error HOT 1
- support for opensearch out of the box
- cors request did not successd
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from elasticsearch-head.