How to do secure Elasticsearch free with xpack security

Yesterday, I have invested a couple of hours to secure eleasticsearch. 

Elasticserch comes with a couple of security features. 

If you need advance elasticsearch security features you need to have a look elasticsearch subscription features. 

In this post, I would like to secure elasticsearch free with enabling basic authentication with the help of xpack security option. 

I will use Docker to run elasticserach. To create users and passwords I will user elasticsearch commands in the running docker image. 

I assume you have docker installed and running on your host machine and you know basics of docker. Here is the docker-compose file we will use : 

	version: '3.4'
	services:
	elasticsearch:
	image: docker.elastic.co/elasticsearch/elasticsearch:7.8.1
	container_name: elasticsearch
	environment:
	- "discovery.type=single-node"
	- xpack.security.enabled=true
	ports:
	- 32700:9200
	- 32701:9300
	networks:
	- elastic
	kibana:
	image: docker.elastic.co/kibana/kibana:7.8.1
	container_name: kibana
	environment:
	- ELASTICSEARCH_URL="http://elasticsearch:9200"
	- xpack.security.enabled=true
	links:
	- elasticsearch
	ports:
	- 5601:5601
	networks:
	- elastic
	depends_on:
	- elasticsearch
	networks:
	elastic:
	driver: bridge

view raw docker-compose.yml hosted with ❤ by GitHub

Then you need to run the following command to login your docker container. 

docker exec -it your-elastic-container-id /bin/bash

Then, we need to add a user with a password and role. 

Elasticsearch xpack comes with build-in roles.

 

I will create a user with superuser role just for demo purposes. 

elasticsearch-users useradd myuser -p mypassword -r superuser

Since xpack is activated, now you can use this username and password 

with basic authentication to access elasticsearch api