XF can't access Elasticsearch hosted service due to https.

Baron

Baron

Member
We've been using the hosted Elasticsearch service at cloud.elastic.co for our search indexing but now it appears they are forcing the use of https, which breaks XF 1.5.x's ability to use it, which is causing all sorts of errors.

So https works:

https://b864c4a760356977ba75ef8219af4cd3.us-east-1.aws.found.io:9243/

but http doesn't:

http://b864c4a760356977ba75ef8219af4cd3.us-east-1.aws.found.io:9243/

I would like a patch or solution for this so that XF 1.5.x enhanced search can continue working.
 
Sort by date Sort by votes
Enhanced Search 1.x doesn't support HTTPS, though it was added to Enhanced Search 2.0, so that's all we can recommend at this point.
 
Upvote 0 Downvote
That's a major problem because aside from users not being able to search, now moderators can't even delete posts because the elasticsearch server can't be accessed any longer.
 
Upvote 0 Downvote
At this point all we can recommend is self hosting the service, using a different hosted service that doesn’t enforce HTTPS or disabling it entirely and rebuilding the search index and running with MySQL search. The latter is certainly a reasonable temporary workaround until you can secure a more permanent solution.
 
Upvote 0 Downvote
Elasticsearch support came back with this:

In order to recover from this issue you need to please configure shield with your required users and make sure that you authenticate to the cluster. https://www.elastic.co/guide/en/cloud/saas-release/security.html#enable-shield
Your cluster was previously without any authentication and accessible by any one, and as such a security concern.
For clusters running ES versions older than 5.0 we have enforced authentication and banned any use of anonymous user, we have communicated this on 2 occasions before and despite our initial plan to implement this in December last year we provided more time for customers to apply the necessary changes on their side.
The final notification on this went out on 7th of Feb clearly stating 19th of February as the deadline.
Please follow the documentation and set up authentication, let me know if you have any further questions.

Thanks.
Click to expand...

Of course, all that is useless info since XF Enhanced Search for 1.5.x doesn't support authentication or https, so I opted to rebuild the search index via MySQL.
 
Upvote 0 Downvote
Its good that this issue is fixed in XF2.
It leaks private conversations, profile posts and private node content. Conversations if you index those by using @Xon 's search addons. There are also addons like chat, etc which can have sensitive data.
Which is especially problematic if personal data is transmitted.
 
Last edited:
Upvote 0 Downvote
You must log in or register to reply here.

Similar threads

H
  • Question Question
ES 2.2 How To Upgrade Elasticsearch 7.x for Xenforo on CentOS
Replies
0
Views
190
HappyWorld
H
Recep Baltaş
  • Solved
XF 2.2 Elasticsearch error: no such index
Replies
12
Views
1K
noxa
N
O
  • Question Question
Enhanced Search continues to give error messages hourly.
Replies
2
Views
1K
oneobgynmd
O
Paul B
  • Locked
  • Sticky
  • Question Question
XenForo Cloud FAQ
Replies
0
Views
5K
Paul B
Paul B
Mr. Jinx
Testers wanted: Elasticsearch Service for XenForo (*FREE*)
Replies
0
Views
2K
Mr. Jinx
Mr. Jinx
Top Bottom