我有一个Elasticsearch集群加上Logstash和Kibana,我只想在索引中公开一个只读窗口,但索引除外,kibana-int
这样就可以保存仪表板.
我找到了一个合适的ES代理配置,并且我已将其修改为用于limit_except
禁止对其他索引进行写入/修改,但是大部分配置都是不必要的重复.有更清晰的方法来定义它吗?
upstream elasticsearch { server es-01.iad.company.com:9200; server es-02.iad.company.com:9200; } server { listen 9200; server_name elasticsearch.proxy; client_max_body_size 50m; location / { limit_except GET POST HEAD OPTIONS { deny all; } proxy_pass http://elasticsearch; proxy_redirect off; proxy_set_header Connection ""; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_pass_header Access-Control-Allow-Origin; proxy_pass_header Access-Control-Allow-Methods; proxy_hide_header Access-Control-Allow-Headers; add_header Access-Control-Allow-Headers 'X-Requested-With, Content-Type'; add_header Access-Control-Allow-Credentials true; } location /kibana-int/ { proxy_pass http://elasticsearch; proxy_redirect off; proxy_set_header Connection ""; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_pass_header Access-Control-Allow-Origin; proxy_pass_header Access-Control-Allow-Methods; proxy_hide_header Access-Control-Allow-Headers; add_header Access-Control-Allow-Headers 'X-Requested-With, Content-Type'; add_header Access-Control-Allow-Credentials true; } }
Alexey Ten.. 6
有几种方法:
您可以将重复配置放入文件中include
.
你的配置:
upstream elasticsearch { server es-01.iad.company.com:9200; server es-02.iad.company.com:9200; } server { listen 9200; server_name elasticsearch.proxy; client_max_body_size 50m; location / { limit_except GET POST HEAD OPTIONS { deny all; } include proxy.inc; } location /kibana-int/ { include proxy.inc; } }
proxy.inc:
proxy_pass http://elasticsearch; proxy_redirect off; proxy_set_header Connection ""; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_hide_header Access-Control-Allow-Headers; add_header Access-Control-Allow-Headers 'X-Requested-With, Content-Type'; add_header Access-Control-Allow-Credentials true;
其他方法是使用nginx的指令继承.
upstream elasticsearch { server es-01.iad.company.com:9200; server es-02.iad.company.com:9200; } server { listen 9200; server_name elasticsearch.proxy; client_max_body_size 50m; proxy_redirect off; proxy_set_header Connection ""; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_hide_header Access-Control-Allow-Headers; add_header Access-Control-Allow-Headers 'X-Requested-With, Content-Type'; add_header Access-Control-Allow-Credentials true; location / { limit_except GET POST HEAD OPTIONS { deny all; } proxy_pass http://elasticsearch; } location /kibana-int/ { proxy_pass http://elasticsearch; } }
顺便说一下,你的proxy_pass_header
指令是不必要的.默认情况下,Nginx代理几乎所有标头.