Host Filtering with Elasticsearch Behind Reverse Proxy

rsmith · January 17, 2019, 3:59pm

I am trying to use RoR host filter with an Elasticsearch instance behind an Nginx reverse proxy.

At the moment Elasticsearch is bound to 127.0.0.1 with all traffic passed to it via Nginx.

I set the below HTTP headers and they are being passed through successfully.

proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;

As far as I can see, RoR is using the OA parameter, as seen in the log files, to do host IP validation which always comes through as 127.0.0.1. Is there a way to use the HTTP headers for IP validation. It would also be nice if the access index didn’t just log the origin as localhost everytime.

Can it be done?

sscarduzio · January 17, 2019, 6:55pm

Yes can be done: readonlyrest-docs/elasticsearch.md at master · beshu-tech/readonlyrest-docs · GitHub

rsmith · January 18, 2019, 9:41am

Thought it would be easy. Thanks.

rsmith · January 18, 2019, 11:40am

In order to add the x-forwarded-for ip to the logs do I need to write my own audit log serializer?

sscarduzio · January 19, 2019, 1:01pm

In the JSON audit log we write in the indices, we have a “xff” field that shows the X-Forwarded-For value. I will add it to the regular logs too.