Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

adding proxy configuration #20231107 #20230503 in 4314 issue #6952

Merged
merged 12 commits into from
May 16, 2024
Merged

adding proxy configuration #20231107 #20230503 in 4314 issue #6952

Changes from 4 commits
Commits
Show all changes
12 commits
Select commit Hold shift + click to select a range
559ba87
adding proxy configuration #20231107 #20230503 in 4314 issue
AntonEliatra Apr 15, 2024
2cf06b6
adding proxy configuration #20231107 #20230503 in 4314 issue
AntonEliatra Apr 15, 2024
9a5d4cf
Update cross-cluster-search.md
AntonEliatra Apr 15, 2024
d63bfb7
Apply suggestions from code review
AntonEliatra Apr 23, 2024
da81f4f
adding prerequisite to cross-cluster page
AntonEliatra Apr 24, 2024
7934531
typo on cross-cluster page
AntonEliatra Apr 24, 2024
33ef66e
Merge branch 'main' into proxy-config
stephen-crawford Apr 24, 2024
46f8eb4
Apply suggestions from code review
AntonEliatra Apr 26, 2024
0ed716e
Update _search-plugins/cross-cluster-search.md
AntonEliatra May 1, 2024
f36f58d
Apply suggestions from code review
AntonEliatra May 10, 2024
501ff88
updating proxy details as per comments
AntonEliatra May 10, 2024
01eba28
Update cross-cluster-search.md
Naarcha-AWS May 15, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
55 changes: 54 additions & 1 deletion _search-plugins/cross-cluster-search.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -267,7 +267,7 @@ It is sufficient to point to only one of the node IPs on the remote cluster beca

You can now run queries across both clusters:

```bash
```json
AntonEliatra marked this conversation as resolved.
Show resolved Hide resolved
curl -XGET -k -u 'admin:<custom-admin-password>' 'https://opensearch-domain-1:9200/opensearch-ccs-cluster2:books/_search?pretty'
{
...
Expand Down Expand Up @@ -297,3 +297,56 @@ curl -k -XPUT -H 'Content-Type: application/json' -u 'admin:<custom-admin-passwo
}
}'
```

## OpenSearch behind a proxy
AntonEliatra marked this conversation as resolved.
Show resolved Hide resolved
You can configure cross-cluster search on a cluster running behind a proxy. There are many ways to configure a reverse proxy and various proxies to chose from. The following example demonstrates the basic NGINX reverse proxy configuration without TLS termination. OpenSearch is expected to be running with both transport and HTTP TLS encryption enabled. For more information about configuring TLS encryption, see [Configuring TLS certificates]({{site.url}}{{site.baseurl}}/security/configuration/tls/).
AntonEliatra marked this conversation as resolved.
Show resolved Hide resolved

### Proxy configuration
The basic NGINX configuration for HTTP and transport communication follows:
Naarcha-AWS marked this conversation as resolved.
Show resolved Hide resolved
AntonEliatra marked this conversation as resolved.
Show resolved Hide resolved

```
stream {
upstream opensearch-transport {
server <opensearch>:9300;
}
upstream opensearch-http {
server <opensearch>:9200;
}
server {
listen 8300;
ssl_certificate /.../opensearch-2.12.0/config/esnode.pem;
AntonEliatra marked this conversation as resolved.
Show resolved Hide resolved
ssl_certificate_key /.../opensearch-2.12.0/config/esnode-key.pem;
ssl_trusted_certificate /.../opensearch-2.12.0/config/root-ca.pem;
proxy_pass opensearch-transport;
ssl_preread on;
}
server {
listen 443;
listen [::]:443;
ssl_certificate /.../opensearch-2.12.0/config/esnode.pem;
ssl_certificate_key /.../opensearch-2.12.0/config/esnode-key.pem;
ssl_trusted_certificate /.../opensearch-2.12.0/config/root-ca.pem;
proxy_pass opensearch-http;
ssl_preread on;
}
}
```
The listening ports for HTTP and transport communication are set to `443` and `8300` respectively.
AntonEliatra marked this conversation as resolved.
Show resolved Hide resolved

### OpenSearch configuration
The remote cluster can be configured to point to the `proxy` using the following command:
AntonEliatra marked this conversation as resolved.
Show resolved Hide resolved

```bash
curl -k -XPUT -H 'Content-Type: application/json' -u 'admin:<custom-admin-password>' 'https://opensearch:9200/_cluster/settings' -d '
{
"persistent": {
"cluster.remote": {
"opensearch-remote-cluster": {
"mode": "proxy",
"proxy_address": "<remote-cluster-proxy>:8300"
}
}
}
}'
```
Note the previously defined port `8300` configured in the [Proxy configuration]({{site.url}}{{site.baseurl}}/search-plugins/cross-cluster-search/#proxy-configuration) section.
AntonEliatra marked this conversation as resolved.
Show resolved Hide resolved
Loading