5

(Originally asked on StackOverflow, and recommended that I move it here)

I've been going over the documentation for Elastic Search and I'm a big fan and I'd like to use it to handle the search for my ASP.NET MVC app.

That introduces a few interesting twists, however. If the ASP.NET MVC application was on a dedicated machine, it would be simple to spool up an instance of Elastic Search and use the TCP Transport to connect locally.

However, I'm not on a dedicated machine for the ASP.NET MVC application, nor does it look like I'll move to one anytime soon.

That leaves hosting Elastic Search on another machine (in the *NIX world) and I would probably go with shared hosting there.

One of the biggest things lacking from Elastic Search, however, is the fact that it doesn't support HTTPS and basic authentication out of the box. If it did, then this question wouldn't exist; I'd simply host it somewhere and make sure to have an incredibly secure password and HTTPS enabled (possibly with a self-signed certificate).

But that's not the case.

That given, what is a good way to expose Elastic Search over the Internet in a secure way?

Note, I'm looking for something that hopefully, will not require writing code to provide shims for the methods that I want (in other words, writing forwarders).

Community
  • 1
casperOne
  • 151
  • 6

2 Answers2

4

You can set up an SSH tunnel between the 2 machines, and channel your data through it. Or you can use stunnel to setup an SSl tunnel. In both cases, the encryption will be transparent to both machines, both applications will not be aware of it, so no code change required.

Julien
  • 1,028
  • 1
  • 12
  • 24
  • Unfortunately, I don't think I'll have access for either of these solutions in a shared environment. In a shared environment, these machines would more than likely have to be *NIX boxes, in order for me to run a JVM instance (which ElasticSearch needs). I'm looking into running it on Azure, possibly, but I'm not sure how well that would work and the problem of securing the channel still exists (although I think I might be able to apply your solutions then). – casperOne Feb 27 '11 at 08:19
  • @casperOne: Shared hosting isn't for you then, have you thought about a virtual private server? VPS.net offer affordable nodes with root SSH to your instance. On your shared ASP.NET machine, is there the possibility to install cygwin (to setup an SSH tunnel) or cURL? Most of the builds for Windows include SSL support. You could self sign your VPS, have cURL not try to auth your cert which would enable you to use SSL to talk to your elastic search VPS. – Greg K Feb 28 '11 at 10:41
0

I know this is a really old question, but firewall rules seem to be the way to go. I presume even in a shared environment these days you should have access to firewall rules. This is the way we go. Locking down access only from other trusted machines.

Luke Cousins
  • 377
  • 1
  • 3
  • 18