52 lines
1.7 KiB
Plaintext
52 lines
1.7 KiB
Plaintext
[[auth-reference]]
|
|
== SSL and Authentication
|
|
|
|
You can configure the client to use SSL for connecting to your elasticsearch cluster, including certificate verification and http auth.
|
|
|
|
=== Basic Auth
|
|
|
|
Basic authentication credentials can be configured on a per-host basis using URL notation, or at the `auth:` property of a host config object.
|
|
|
|
.Credentials directly in the host url:
|
|
[source,js]
|
|
-----
|
|
var client = new elasticsearch.Client({
|
|
host: 'https://user:password@my-site.com:9200'
|
|
})
|
|
-----
|
|
|
|
.Credentials as a property of the host config:
|
|
[source,js]
|
|
-----
|
|
var client = new elasticsearch.Client({
|
|
host: [
|
|
{
|
|
host: 'es1.internal.org',
|
|
auth: 'user:password',
|
|
protocol: 'https',
|
|
port: 9200
|
|
}
|
|
]
|
|
});
|
|
-----
|
|
|
|
=== HTTPS/SSL
|
|
|
|
Without any additional configuration you can specify `https://` host urls, but the certificates used to sign these requests will not verified (`rejectUnauthorized: false`). To turn on certificate verification you must specify an `ssl:` object either in the top level config or in each host config object and set `rejectUnauthorized: true`. The ssl config object can contain many of the same configuration options that http://nodejs.org/docs/latest/api/tls.html#tls_tls_connect_port_host_options_callback[`tls.connect()`] accepts. For convenience these options are also listed in the <<config-ssl,configuration>> reference.
|
|
|
|
.Specify a certificate authority that should be used to verify server certifcates on all nodes:
|
|
[source,js]
|
|
-----
|
|
var client = new elasticsearch.Client({
|
|
hosts: [
|
|
'https://box1.internal.org:9200',
|
|
'https://box2.internal.org:9200',
|
|
'https://box3.internal.org:9200'
|
|
],
|
|
ssl: {
|
|
ca: fs.readFileSync('./cacert.pem'),
|
|
rejectUnauthorized: true
|
|
}
|
|
});
|
|
-----
|