rdmpage / dna-barcode-browser

DNA barcode browser

Elasticsearch open to meow attacks #6

Closed rdmpage closed 4 years ago

rdmpage commented 4 years ago

Data keeps disappearing from the Elasticsearch server and bogus indices appeared, as revealed by _cat/indices (e.g., zg6pozt4x5-meow). This is a meow attack. In this case, strangely, Bitnami leaves Elasticsearch completely open. I've posted a message about this: Elasticsearch credentials not needed to log in to server, so anyone can access.

rdmpage commented 4 years ago

OK, more recent Bitnami Elasticsearch exposes the Elasticsearch server directly; there's not a web server sitting in front of it. I followed the instructions at https://docs.bitnami.com/general/apps/elasticsearch/administration/add-basic-auth-and-tls/ (tweaked slightly, see the README for this repo) and now there's a web server sitting in front of Elasticsearch that requires basic authentication.
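A monitoring check for the two symptoms reported in this issue (bogus `-meow` indices appearing and expected data disappearing), as an added example that is not part of the original thread or the repository's code. It audits the JSON form of the `_cat/indices` listing; the name pattern is an assumption generalized from the one index name quoted above, and the expected index name `barcodes` and the sample listing are constructed.

```python
import json
import re

# Assumption: bogus index names look like the one quoted in the issue,
# i.e. a run of lowercase letters/digits followed by "-meow".
MEOW_NAME = re.compile(r"^[a-z0-9]+-meow$")

# Constructed sample of `GET _cat/indices?format=json` output (not real data).
SAMPLE_CAT_INDICES = json.dumps([
    {"health": "yellow", "status": "open",
     "index": "zg6pozt4x5-meow", "docs.count": "0"},
    {"health": "yellow", "status": "open",
     "index": "a1b2c3d4e5-meow", "docs.count": "0"},
    {"health": "green", "status": "open",
     "index": "unrelated-index", "docs.count": "12"},
])


def audit_indices(cat_json, expected):
    """Compare a _cat/indices JSON listing with the indices that should exist.

    Returns the index names matching the meow pattern ("bogus") and the
    expected indices that are no longer present ("missing").
    """
    rows = json.loads(cat_json)
    present = {row["index"] for row in rows}
    return {
        "bogus": sorted(name for name in present if MEOW_NAME.match(name)),
        "missing": sorted(set(expected) - present),
    }


if __name__ == "__main__":
    # "barcodes" is a hypothetical name for the index the application relies on.
    report = audit_indices(SAMPLE_CAT_INDICES, expected=["barcodes"])
    for name in report["bogus"]:
        print(f"ALERT bogus index present: {name}")
    for name in report["missing"]:
        print(f"ALERT expected index missing: {name}")
    # Non-zero exit lets a cron job or monitoring wrapper raise an alarm.
    raise SystemExit(1 if report["bogus"] or report["missing"] else 0)
```
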