NGINX for Elasticsearch

I started configuring an NGINX proxy for an Elasticsearch cluster and had some hiccups on the way. I thought it would be a good idea to document what I did.

Installing NGINX is a simple process; you can google the steps for your Linux flavour.

Once that is installed, you will have to configure NGINX to proxy all the requests to the ES nodes.

My NGINX proxy config for ES looks like this:

# Elasticsearch nodes to balance requests across
upstream elasticsearch {
    server 10.5.8.49:9200;
    server 10.5.8.8:9200;
    # Idle keepalive connections to the upstream kept open per worker process
    keepalive 64;
}

server {
    listen 8080;

    location / {
        proxy_pass http://elasticsearch;
        # Upstream keepalive needs HTTP/1.1
        proxy_http_version 1.1;
        proxy_set_header Connection "Keep-Alive";
        proxy_set_header Proxy-Connection "Keep-Alive";
        # Pass the client address and original Host header on to Elasticsearch
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        # For CORS Ajax
        proxy_pass_header Access-Control-Allow-Origin;
        proxy_pass_header Access-Control-Allow-Methods;
        # Replace the upstream's Allow-Headers value with a fixed list
        proxy_hide_header Access-Control-Allow-Headers;
        add_header Access-Control-Allow-Headers 'X-Requested-With, Content-Type';
        add_header Access-Control-Allow-Credentials true;
    }
}

Once I installed NGINX, I ran into issues where the NGINX service would not start on a given port. Then I learnt I was on SELinux (Security-Enhanced Linux), where the ports you can use for httpd services are locked down. So you need a tool called semanage. To get it, you have to install the policycoreutils package for Red Hat.

    yum install policycoreutils-python
    yum install semanage

List the ports currently allowed for HTTP services:

    semanage port -l | grep http_port
    http_port_t            tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000
    pegasus_http_port_t tcp 5988

You can use semanage to add new ports, or choose one of the listed ports for your NGINX.
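
The port check described above can be scripted. The following is an added example, not part of the original post: it compares the `listen` ports of an NGINX config against the `http_port_t` label and prints the `semanage` command for each port that is missing. The function names are hypothetical, and both sample inputs are constructed (the port list is the output quoted above, and the second `listen` line is made up).

```shell
#!/bin/sh
# Constructed sample: the `semanage port -l | grep http_port` output from the post.
SAMPLE_PORTS='http_port_t            tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000
pegasus_http_port_t tcp 5988'

# Constructed sample config: 8080 is the post's listen port, the second
# listen line is hypothetical and shows the address:port form.
SAMPLE_CONF='server {
    listen 8080;
    listen 127.0.0.1:8443;
}'

# port_allowed TYPE PORT: reads `semanage port -l` output on stdin and returns 0
# when PORT/tcp carries exactly TYPE. Entries may be single ports or lo-hi ranges.
port_allowed() {
    awk -v type="$1" -v port="$2" '
        $1 == type && $2 == "tcp" {
            for (i = 3; i <= NF; i++) {
                p = $i; sub(/,$/, "", p)
                n = split(p, r, "-")
                lo = r[1] + 0; hi = (n == 2 ? r[2] : r[1]) + 0
                if (port + 0 >= lo && port + 0 <= hi) found = 1
            }
        }
        END { exit (found ? 0 : 1) }'
}

# listen_ports: reads an nginx config on stdin, prints the port of each listen directive.
listen_ports() {
    awk '$1 == "listen" {
        v = $2; sub(/;.*$/, "", v); sub(/^.*:/, "", v)
        if (v ~ /^[0-9]+$/) print v
    }'
}

# missing_port_fixes CONF PORTS: prints the semanage command for every listen
# port in CONF (config text) that PORTS (semanage output) does not label http_port_t.
missing_port_fixes() {
    printf '%s\n' "$1" | listen_ports | while read -r port; do
        printf '%s\n' "$2" | port_allowed http_port_t "$port" ||
            echo "semanage port -a -t http_port_t -p tcp $port"
    done
}

missing_port_fixes "$SAMPLE_CONF" "$SAMPLE_PORTS"
```

On a real host, pass the contents of your NGINX config and the output of `semanage port -l` instead of the samples. If semanage reports that the port is already defined under another type, use `-m` in place of `-a`.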

Once that was done, I ran into a bad gateway issue where NGINX returned 502 Bad Gateway for all requests.

By default SELinux does not allow httpd-type services such as NGINX to open network connections, so the proxy cannot reach the ES nodes. You will have to use the following command to change the policy in SELinux. Note: this will take a while to complete, as it recompiles the whole policy.

    setsebool -PV httpd_can_network_connect 1