From bdf2c4b9f46b85f0512433976411208e3e9ac2db Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Honza=20Kr=C3=A1l?= Date: Mon, 29 Dec 2014 17:11:18 +0100 Subject: [PATCH] Added docs on SSL and auth options --- README.rst | 1 + docs/index.rst | 38 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 39 insertions(+) diff --git a/README.rst b/README.rst index f5e3725c..b0e4b511 100644 --- a/README.rst +++ b/README.rst @@ -78,6 +78,7 @@ The client's features include: * load balancing (with pluggable selection strategy) across all available nodes * failed connection penalization (time based - failed connections won't be retried until a timeout is reached) + * support for ssl and http authentication * thread safety * pluggable architecture diff --git a/docs/index.rst b/docs/index.rst index b11050ef..d0a0ae08 100644 --- a/docs/index.rst +++ b/docs/index.rst @@ -128,6 +128,44 @@ Some example configurations:: es = Elasticsearch(["seed1", "seed2"], sniff_on_start=True, sniff_on_connection_fail=True, sniffer_timeout=60) +SSL and Authentication +~~~~~~~~~~~~~~~~~~~~~~ + +You can configure the client to use ``SSL`` for connecting to your +elasticsearch cluster, including certificate verification and http auth:: + + from elasticsearch import Elasticsearch + + # you can use RFC-1738 to specify the url + es = Elasticsearch(['https://user:secret@localhost:443']) + + # ... or specify common parameters as kwargs + + # use certifi for CA certificates + import certifi + + es = Elasticsearch( + ['localhost', 'otherhost'], + http_auth=('user', 'secret'), + port=443, + use_ssl=True, + verify_certs=True, + ca_certs=certifi.where(), + ) + + +.. note:: + + By default SSL certificates won't be verified, pass in + ``verify_certs=True`` to make sure your certificates will get verified. The + client doesn't ship with any CA certificates; easiest way to obtain the + common set is by using the `certify`_ package (as shown above). + +See class :class:`~elasticsearch.Urllib3HttpConnection` for detailed +description of the options. + +.. _certifi: http://certifi.io/ + Logging ~~~~~~~