问题描述
我已经阅读了的文档,我是一个大的粉丝,我想使用它来处理我的ASP.NET MVC应用程序的搜索。
然而,这引入了一些有趣的曲折。如果ASP.NET MVC应用程序在一台专用机器上,则可以轻松地执行弹性搜索的实例,并使用本地连接。
但是,我不是在ASP.NET MVC应用程序的专用机器上,也不是看起来我会很快就会移动到一个。
在另一台机器上(在* NIX世界)中放置弹性搜索,我可能会在共享托管但是,弹性搜索中缺少的最大的一个问题就是它不支持HTTPS和基本身份验证。如果是这样,那么这个问题就不会存在我只会在某个地方托管它,并确保有一个令人难以置信的安全密码和HTTPS启用(可能使用自签名证书)。
但情况并非如此。
给出了什么是以安全的方式在互联网上公开弹性搜索的好方法?
注意,我正在寻找一些希望的东西,不需要编写代码来为我想要的方法(换句话说,编写转发器)提供垫片。
现在可用。
因为它使用Jetty来处理HTTP传输,它可以处理SSL连接以及配置进行身份验证。 p>
(请注意,以下内容仍然是健全的建议,因为一般的做法是以这种方式提取您的操作)
经过一些关于,我发现目前的解决方案是将ElasticSearch托管在另一个应用层之后,然后确保 层
。推理是坚实的; ElasticSearch类似于一个数据库,你不会使你的数据库面向所有的公开。
我(和其他人)的一些事情是因为ElasticSearch使用HTTP作为传输,并使用JSON作为操作的语法,ElasticSearch是面向公开的。
但是,目前有一个添加HTTPS传输支持(假设提供证书)以及基本(摘要)身份验证。
I've been going over the documentation for Elastic Search and I'm a big fan and I'd like to use it to handle the search for my ASP.NET MVC app.
That introduces a few interesting twists, however. If the ASP.NET MVC application was on a dedicated machine, it would be simple to spool up an instance of Elastic Search and use the TCP Transport to connect locally.
However, I'm not on a dedicated machine for the ASP.NET MVC application, nor does it look like I'll move to one anytime soon.
That leaves hosting Elastic Search on another machine (in the *NIX world) and I would probably go with shared hosting there.
One of the biggest things lacking from Elastic Search, however, is the fact that it doesn't support HTTPS and basic authentication out of the box. If it did, then this question wouldn't exist; I'd simply host it somewhere and make sure to have an incredibly secure password and HTTPS enabled (possibly with a self-signed certificate).
But that's not the case.
That given, what is a good way to expose Elastic Search over the Internet in a secure way?
Note, I'm looking for something that hopefully, will not require writing code to provide shims for the methods that I want (in other words, writing forwarders).
A plugin for elasticsearch that allows you to replace the HTTP transport with an embedded instance of Jetty is now available.
Because it uses Jetty to handle the HTTP transport, it can handle SSL connections as well as be configured for authentication.
(Note, the following is still sound advice, in that it's generally good practice to abstract your operations out in this manner)
After a number of discussions on the ElasticSearch mailing list, I've discovered that the current solution is to host ElasticSearch behind another application layer and then to secure that layer.
The reasoning is solid; ElasticSearch is akin to a database, and you wouldn't make your database public-facing to all.
Something that I (and others) trip up on is that because ElasticSearch uses HTTP as a transport and uses JSON as the syntax for operations, that ElasticSearch is meant to be public-facing.
However, there is currently a request to add HTTPS transport support (assuming a certificate is provided) along with basic (digest) authentication.
这篇关于如何在共享托管环境中确保面向互联网的弹性搜索实现?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!