I am preparing a tutorial for ElasticPress behind an nginx reverse proxy with basic http auth and whitelisting. I am able to connect from ElasticPress to Elasticsearch with the basic http auth, however when I add a self-signed certificate and change to https in ElasticPress it no longer connects.
This is how I am generating the ssl certificate
sudo openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt
and the ssl settings in the nginx virtual host
server {
listen 9000 ssl;
ssl_certificate /etc/nginx/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/ssl/nginx.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_session_cache shared:SSL:10m;
auth_basic "Protected Elasticsearch";
auth_basic_user_file /etc/nginx/.elasticsearch-htpasswd;
location / {
proxy_pass http://127.0.0.1:9200;
proxy_redirect off;
#restrict IPs
# allow ipaddress;
# deny all;
}
Hi @blindpet
ElasticPress uses wp_remote_request to make connection with Elasticsearch host. Are you seeing any error in error log which can give us more information from where it's breaking? I suggest you to check https://code.tutsplus.com/tutorials/a-guide-to-the-wordpress-http-api-the-basics--wp-25125 and other online resources for WP HTTP API, that might help.
The issue is the self-signed certificate, the remote request needs to let sslverify=>false exactly as that tutorial says, it would be a valuable option for self-hosters @Ritesh-patel
Hi @blindpet
You can utilise http_request_args filter to set that value. Let us know if that helps or not.
Regards,
Ritesh
Hi @Ritesh-patel I don't really do php development. I do server configurations. Do you have a snippet I can add to test this? It seems having this as an option would be really useful for external encrypted elasticsearch hosts. The setup would usually be whitelisting the host and using https with a self-signed certificate (since domain names aren't really important for elasticsearch hosting), so having sslverify=> false by default would be ideal.
Hi @wpbullet
You can add following snippet in your theme or in a custom plugin which will set sslveify to false only if it's ElasticPress request.
function custom_ep_http_request_args( $args, $url ) {
//set sslverify to false only if it's ElasticPress request.
if( 0 === strpos( $url, ep_get_host() ) ) {
$args['sslverify'] = false;
}
return $args;
}
add_filter( 'http_request_args', 'custom_ep_http_request_args', 99, 2 );
Hi @blindpet and @wpbullet
Due to inactivity we are closing this request.
Please reopen this request if above code didn't help.
Regards,
Ritesh
Hello, I am using EP with a self signed certificate, but when adding this code, I get an error:
Uncaught Error: Call to undefined function ep_get_host()
I see this answer is quite old, has something changed with the function's name?
Thanks!
Most helpful comment
Hi @wpbullet
You can add following snippet in your theme or in a custom plugin which will set sslveify to false only if it's ElasticPress request.