From a50f28424dc42479efad6bfc786ab57581c2f342 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Wed, 27 May 2026 09:42:02 +0000 Subject: [PATCH] fix: enable elasticsearch security to require authentication for all API access - Enable xpack.security in Elasticsearch (was explicitly disabled) - Add ELASTIC_PASSWORD env var so the built-in elastic user gets the password - Disable HTTP SSL to keep plain HTTP while still enforcing basic auth - Disable transport SSL (single-node setup) - Update healthcheck to authenticate with elastic credentials --- Containers/fulltextsearch/healthcheck.sh | 2 +- php/containers.json | 6 ++++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/Containers/fulltextsearch/healthcheck.sh b/Containers/fulltextsearch/healthcheck.sh index ba29f151..8b4f135d 100644 --- a/Containers/fulltextsearch/healthcheck.sh +++ b/Containers/fulltextsearch/healthcheck.sh @@ -4,4 +4,4 @@ if [ "$AIO_LOG_LEVEL" = 'debug' ]; then set -x fi -curl -fs "http://127.0.0.1:9200/_cluster/health?filter_path=status" | grep -qE '"status":"(green|yellow)"' || exit 1 +curl -fs -u "elastic:$FULLTEXTSEARCH_PASSWORD" "http://127.0.0.1:9200/_cluster/health?filter_path=status" | grep -qE '"status":"(green|yellow)"' || exit 1 diff --git a/php/containers.json b/php/containers.json index df841f44..5a616f8d 100644 --- a/php/containers.json +++ b/php/containers.json @@ -828,11 +828,13 @@ "discovery.type=single-node", "http.port=9200", "xpack.license.self_generated.type=basic", - "xpack.security.enabled=false", + "xpack.security.enabled=true", + "xpack.security.http.ssl.enabled=false", + "xpack.security.transport.ssl.enabled=false", "indices.fielddata.cache.size=20%", "indices.memory.index_buffer_size=20%", "thread_pool.write.queue_size=1000", - "FULLTEXTSEARCH_PASSWORD=%FULLTEXTSEARCH_PASSWORD%" + "ELASTIC_PASSWORD=%FULLTEXTSEARCH_PASSWORD%" ], "volumes": [ {