Host Filtering with Elasticsearch Behind Reverse Proxy


(Richard Smith) #1

I am trying to use RoR host filter with an Elasticsearch instance behind an Nginx reverse proxy.

At the moment Elasticsearch is bound to 127.0.0.1 with all traffic passed to it via Nginx.

I set the below HTTP headers and they are being passed through successfully.

proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;

As far as I can see, RoR is using the OA parameter, as seen in the log files, to do host IP validation which always comes through as 127.0.0.1. Is there a way to use the HTTP headers for IP validation. It would also be nice if the access index didn’t just log the origin as localhost everytime.

Can it be done?


(Simone Scarduzio) #2

Yes can be done: https://github.com/beshu-tech/readonlyrest-docs/blob/master/elasticsearch.md#x_forwarded_for


(Richard Smith) #3

Thought it would be easy. Thanks.


(Richard Smith) #4

In order to add the x-forwarded-for ip to the logs do I need to write my own audit log serializer?


(Simone Scarduzio) #5

In the JSON audit log we write in the indices, we have a “xff” field that shows the X-Forwarded-For value. I will add it to the regular logs too.