diff options
author | Bryan Newbold <bnewbold@archive.org> | 2020-08-17 23:22:52 -0700 |
---|---|---|
committer | Bryan Newbold <bnewbold@archive.org> | 2020-08-17 23:22:52 -0700 |
commit | f0aa8010401e3872f8f1dcc85c409e77c6b5a1d8 (patch) | |
tree | 70c5153f23bb23bbcdd11bfe54c14133a2d1b09c /README.md | |
download | es-public-proxy-f0aa8010401e3872f8f1dcc85c409e77c6b5a1d8.tar.gz es-public-proxy-f0aa8010401e3872f8f1dcc85c409e77c6b5a1d8.zip |
init repo with README, gitignore, etc
Diffstat (limited to 'README.md')
-rw-r--r-- | README.md | 43 |
1 files changed, 43 insertions, 0 deletions
diff --git a/README.md b/README.md new file mode 100644 index 0000000..5920b9c --- /dev/null +++ b/README.md @@ -0,0 +1,43 @@ + +**es-public-proxy**: Elasticsearch API proxy intended to be exposed to the +public internet (or any non-localhost clients) for safe read-only queries + +This is intended as a simple alternative to other "read-only" plugins or +authentication solutions for elasticsearch. A benefit of keeping the +elasticsearch API itself, instead of building a application-layer wrapper, is +that there already exist client libraries, tools, and integrations in many +languages. + +Plan: + +- single Rust executable +- fast and simple enough to never impact performance or latency +- TOML configuration +- some modern async/await framework +- use official elasticsearch crate? or just reqwest? +- small subset of total public API: get, search, scroll +- per-index permissions +- return response bodies untouched +- parse queries with serde JSON, then re-serialize + +Stretch or future goals: + +- parsing Lucene `query_string` +- provide an alternate simpler API +- query caching +- index aliases and routing +- version mapping (eg, expose 7.x API for 6.x index) + +Non-features: + +- TLS (use a general purpose reverse proxy) + +## Deployment + +The imagined use case is that you have elasticsearch proper listening only to +localhost connections with plain HTTP. This makes adminstration easy from +authenticated local UNIX users. No non-localhost connections to elasticsearch +are allowed, even from trusted clients. This daemon runs as a small sidecar +proxy on localhost, listening on a public port. All non-localhost clients +direct queries through the proxy, which parses the query, ensures it is "safe", +then passes through to backend. |