SSL and Authenticationedit

You can configure the client to use SSL for connecting to your elasticsearch cluster, including certificate verification and http auth.

Basic Authedit

Basic authentication credentials can be configured on a per-host basis using URL notation, or at the auth: property of a host config object.

Credentials directly in the host url: 

var client = new elasticsearch.Client({
  host: 'https://user:password@my-site.com:9200'
})

Credentials as a property of the host config: 

var client = new elasticsearch.Client({
  host: [
    {
      host: 'es1.internal.org',
      auth: 'user:password',
      protocol: 'https',
      port: 9200
    }
  ]
});

HTTPS/SSLedit

Without any additional configuration you can specify https:// host urls, but the certificates used to sign these requests will not verified (rejectUnauthorized: false). To turn on certificate verification you must specify an ssl: object either in the top level config or in each host config object and set rejectUnauthorized: true. The ssl config object can contain many of the same configuration options that tls.connect() accepts. For convenience these options are also listed in the configuration reference.

Specify a certificate authority that should be used to verify server certifcates on all nodes: 

var client = new elasticsearch.Client({
  hosts: [
    'https://box1.internal.org:9200',
    'https://box2.internal.org:9200',
    'https://box3.internal.org:9200'
  ],
  ssl: {
    ca: fs.readFileSync('./cacert.pem'),
    rejectUnauthorized: true
  }
});