Block all non-localhost connections by default #8
Comments
I'm hit by an ES vulnerability and want to use docker/dokku to host the next one, and this is exactly the issue I want to understand. I need to run ES and allow only whitelisted clients to connect. To approach it, I thought of the following scenario.
It seems like by doing that I don't see any command to update If you solved that issue, I would really appreciate your experience.
I did end up simply forking this entire project - Docker files and everything. Here is my Dockerfile repository: https://github.com/blag/dokku-elasticsearch-dockerfiles And here is my dokku plugin repository: https://github.com/blag/dokku-elasticsearch-plugin I have updated my dockerfiles repository to add a VOLUME for /etc/elasticsearch, so you should be able to modify elasticsearch.yml outside of the Docker image (once you have mounted it), and then restart the container with the new settings. I will add the infrastructure to mount the VOLUME and restart the container to my dokku plugin fork tonight.
I have updated my dokku plugin to have a config directory in ~dokku/$APP/elasticsearch/volumes/config Note that this new code is untested, but it solves part of your problem.
@blag great.. I think I'll stick to your plugin then. Will dig into code a bit later. Thanks for your help.
Installing this on a public-facing web server leaves the elasticsearch server open to the world on port 9200.
There are two ways to fix this.
From ServerFault:
From StackOverflow:
In /etc/elasticsearch/elasticsearch.yml:
I'm not entirely sure how to fix this without forking the Docker image, because that will only fix it for me, not for everybody. Is there a good way to do this?
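An added example, not part of the issue or of either plugin's code: a small check that reads the text of an elasticsearch.yml (for instance the one in the mounted config volume) and reports whether the HTTP listener on port 9200 is bound to loopback only. The keys it inspects are Elasticsearch's bind-address settings; the thread does not show which setting it used, and the sample configs are constructed.

```python
import ipaddress

# Elasticsearch settings that decide the HTTP bind address, most specific first.
BIND_KEYS = ("http.bind_host", "http.host", "network.bind_host", "network.host")

def parse_flat_settings(text):
    """Parse flat `key: value` lines; nested YAML mappings are not handled."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        line = line.split(" #", 1)[0]          # drop an inline comment
        key, sep, value = line.partition(":")  # first colon only, so "::1" survives
        if not sep:
            continue
        items = [v.strip().strip("'\"") for v in value.strip().strip("[]").split(",")]
        settings[key.strip()] = [v for v in items if v]
    return settings

def is_loopback(value):
    if value in ("_local_", "localhost"):
        return True
    try:
        return ipaddress.ip_address(value).is_loopback
    except ValueError:
        # Hostnames, _site_, _global_, interface names: assume reachable from outside.
        return False

def check_bind(text):
    """Return (status, key, values); status is 'loopback', 'exposed' or 'unset'."""
    settings = parse_flat_settings(text)
    for key in BIND_KEYS:
        values = settings.get(key)
        if values:
            ok = all(is_loopback(v) for v in values)
            return ("loopback" if ok else "exposed"), key, values
    # No explicit bind address: the effective default depends on the ES version.
    return "unset", None, []

# Constructed sample configs.
SAMPLE_OPEN = "cluster.name: demo\nnetwork.host: 0.0.0.0\n"
SAMPLE_LOCAL = "network.host: 127.0.0.1  # loopback only\nhttp.port: 9200\n"

if __name__ == "__main__":
    for name, cfg in (("open", SAMPLE_OPEN), ("local", SAMPLE_LOCAL)):
        print(name, check_bind(cfg))
```

An "unset" result needs a follow-up look at the listening sockets, and a loopback bind inside a container says nothing about which host ports Docker publishes.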