Skip to content

sonian/elasticsearch-jetty

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

236 Commits
config
config
 
 
scripts
scripts
 
 
src
src
 
 
utils
utils
 
 
.gitignore
.gitignore
 
 
LICENSE.txt
LICENSE.txt
 
 
README.textile
README.textile
 
 
pom.xml
pom.xml
 
 
upload.zsh
upload.zsh
 
 

Repository files navigation

Jetty Plugin

Compatibility

The following table shows the versions of elasticsearch and jetty that Jetty Plugin was built with.

Jetty Plugin Elasticsearch Jetty
1.2.1 1.2.1 8.1.14.v20131031
1.1.1-beta 1.1.1 8.1.14.v20131031
1.1.0-beta 1.1.0 8.1.14.v20131031
1.0.1 1.0.1 8.1.14.v20131031
0.90.12 0.90.12 8.1.14.v20131031
0.90.0 0.90.0 8.1.4.v20120524
0.20.1 0.20.2 8.1.4.v20120524
0.19.9-master 0.19.9 8.1.4.v20120524
0.19.6-0.19.8 0.19.8 8.1.4.v20120524
0.19.0-0.19.5 0.19.2 7.4.5.v20110725
0.18.1-0.18.6 0.18.5 7.4.5.v20110725
0.18.0 0.18.4 7.4.5.v20110725

Overview

The elasticsearch-jetty plugin brings full power of Jetty and adds several new features to elasticsearch. With this plugin elasticsearch can now handle SSL connections, support basic authentication, and log all or some incoming requests in plain text or json formats.

Installation and Configuration

Installation

The elasticsearch-jetty plugin can be installed as any other ES plugin using bin/plugin utility:

(specifying the URL is required since github downloads are going away)

$ bin/plugin -url https://oss-es-plugins.s3.amazonaws.com/elasticsearch-jetty/elasticsearch-jetty-1.2.1.zip -install elasticsearch-jetty-1.2.1

The core of the plugin is JettyHttpServerTransport module that works as a replacement for NettyHttpServerTransport. To enable the elasticsearch-jetty plugin, the default netty http transport should be replaced with jetty http transport by adding the following line to elasticsearch.yml.

http.type: com.sonian.elasticsearch.http.jetty.JettyHttpServerTransportModule

The elasticsearch-jetty plugin adds Server: Jetty(8.1.4.v20120524) header to all responses. So, it’s possible to verify that jetty plugin is running by checking the response headers using the following curl command:

$ curl -I "http://localhost:9200/"
HTTP/1.1 200 OK
Content-Type: text/plain;charset=UTF-8
Access-Control-Allow-Origin: *
Content-Length: 0
Server: Jetty(8.1.4.v20120524)

Configuration Files

The embedded jetty is configured using standard jetty-*.xml files. The list of config files can be specified using the sonian.elasticsearch.http.jetty.config setting. This setting should contain a comma-separated list of jetty configuration files. The files are loaded one by one in the order specified in the setting and used to configure the Jetty server. Elasticsearch tries to find each file by checking the following locations:

  • absolute path
  • elasticsearch config directory
  • elasticsearch classpath
  • config directory in elasticsearch classpath

If the sonian.elasticsearch.http.jetty.config setting is not set, the elasticsearch-jetty plugin tries to locate and load a single file called jetty.xml.

The elasticsearch-jetty plugin comes with several generic jetty-*.xml configuration files that can be used to simplify the plugin setup. These files can be found in the plugins/jetty/config directory.

  • jetty.xml – basic elasticsearch configuration file that should be always the first file in the list of config files.
  • jetty-hash-auth.xml – adds login service for basic file-based authentication.
  • jetty-restrict-all.xml and jetty-restrict-writes.xml – set of security constraint that requires password for all or write access to elasticsearch. Only one of these files should be used at a time.
  • jetty-ssl.xml and jetty-strong-ssl.xml – both files add an SSL connector, the second file limits ciphers that SSL connector can use to only known strong ciphers. Only one of these files should be used at a time.
  • jetty-gzip.xml – enables GZip support. If used, this file should be the last file in the list.

Adding SSL Support

First step in enabling SSL support is generation of keys and certificates. The process is described on the How to Configure SSL page. For the test purposes, the keystore file from the elasticsearch-jetty plugin can be also used. The generated or downloaded keystore file should be places in the config directory of elasticsearch. The SSL connector can be enabled by adding the following settings in the elasticsearch.yml file:

http.type: com.sonian.elasticsearch.http.jetty.JettyHttpServerTransportModule
sonian.elasticsearch.http.jetty:
    config: jetty.xml,jetty-ssl.xml
    ssl_port: 9443
    keystore_password: "OBF:1nc01vuz1w8f1w1c1rbu1rac1w261w9b1vub1ndq"

The keystore_password should contain the password used for keystore generation. The password "OBF:1nc01vuz1w8f1w1c1rbu1rac1w261w9b1vub1ndq" can be used with the test keystore downloaded from the elasticsearch-jetty plugin page. The jetty-strong-ssl.xml config file can be used instead of jetty-ssl.xml if it’s required to disable known weak ciphers and protocols. The password can be obfuscated using Jetty Password Utility.

Adding Basic Authentication