daenamnu/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/all-in-one.git synced 2026-05-28 14:30:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: enable elasticsearch security to require authentication for all API access

Browse Source 
- Enable xpack.security in Elasticsearch (was explicitly disabled)
- Add ELASTIC_PASSWORD env var so the built-in elastic user gets the password
- Disable HTTP SSL to keep plain HTTP while still enforcing basic auth
- Disable transport SSL (single-node setup)
- Update healthcheck to authenticate with elastic credentials
This commit is contained in:
copilot-swe-agent[bot]
2026-05-27 09:42:02 +00:00
committed by Simon L.
parent 9cfaad674c
commit a50f28424d
2 changed files with 5 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
Containers/fulltextsearch/healthcheck.sh
View File

@@ -4,4 +4,4 @@ if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
set -x
fi
curl -fs "http://127.0.0.1:9200/_cluster/health?filter_path=status" | grep -qE '"status":"(green|yellow)"' || exit 1
curl -fs -u "elastic:$FULLTEXTSEARCH_PASSWORD" "http://127.0.0.1:9200/_cluster/health?filter_path=status" | grep -qE '"status":"(green|yellow)"' || exit 1

6
php/containers.json
View File

@@ -828,11 +828,13 @@
"discovery.type=single-node",
"http.port=9200",
"xpack.license.self_generated.type=basic",
"xpack.security.enabled=false",
"xpack.security.enabled=true",
"xpack.security.http.ssl.enabled=false",
"xpack.security.transport.ssl.enabled=false",
"indices.fielddata.cache.size=20%",
"indices.memory.index_buffer_size=20%",
"thread_pool.write.queue_size=1000",
"FULLTEXTSEARCH_PASSWORD=%FULLTEXTSEARCH_PASSWORD%"
"ELASTIC_PASSWORD=%FULLTEXTSEARCH_PASSWORD%"
],
"volumes": [
{