1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
|
.\" Generated by scdoc 1.9.0
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.nh
.ad l
.\" Begin generated content:
.TH "es-public-proxy" "1" "2020-08-27" "es-public-proxy Manual Page"
.P
.SH NAME
.P
es-public-proxy - simple read-only HTTP reverse-proxy for exposing an Elasticsearch node to the public internet
.P
.SH SYNOPSIS
.P
es-public-proxy --config CONFIGFILE
.P
.SH DESCRIPTION
.P
es-public-proxy is intended to be a simple and reliable alternative for the
use case of exposing popular search queries on specific indices to the public
web. HTTP requests are parsed and filtered in a safe, compiled language (Rust),
then only safe queries are re-serialized and forwarded to the backend search
instance listening on a different port.
.P
.SH OPTIONS
.P
Argument processing is crude; only one option can be specified at a time.
.P
\fB-h, --help\fR
.RS 4
Prints help information
.P
.RE
\fB-V, --version\fR
.RS 4
Prints version information
.P
.RE
\fB--config <file>\fR [env: ES_PUBLIC_PROXY_CONFIG_PATH]
.RS 4
Supply path to configuration file (TOML), which is effectively required for operation
.P
.RE
\fB--example-config\fR
.RS 4
An annotated config file (TOML) will be printed to standard out.
.P
.RE
.SS CONFIGURATION
.P
In all cases you will want to explicitly enumerate all of the indices to have
public access. There is an `unsafe_all_indices` intended for prototyping, but
this may allow access to additional non-index API endpoints.
.P
One simple deployment pattern is to put nginx, es-public-proxy, and
elasticsearch all on the same server. In this configuration, nginx would
listen on all network interfaces on ports 80 and 443, and handle SSL upgrade
redirects from 80 to 443, as well as add transport compression, restrict client
body payload limits, etc. es-public-proxy would listen on localhost port
9292, and connect back to elasticsearch on localhost port 9200.
.P
.P
.SS LIMITATIONS
.P
Not all of the elasticsearch API has been implemented yet. In general, this
service is likely to be more strict in parsing and corner-cases. For example:
.P
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.IP \(bu 4
.\}
URL query parameters like `?human` must be expanded into a boolean like `?human=true`
.RE
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.IP \(bu 4
.\}
Some cases where elasticsearch will allow short-cutting a full object into a string, this proxy requires the full object format
.RE
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.IP \(bu 4
.\}
index patterns in configuration are not supported
.RE
.P
.SH EXAMPLES
.P
Some examples of usage will go here.
.P
.RS 4
es-public-proxy --example-config > example.toml
es-public-proxy --config example.toml
.P
.RE
|
