
SSL support: HTTPS interface

Difficulty: Beginner
Estimated Time: 6 minutes

Manticore Search - HTTPS interface demo

In this tutorial we will show you how to set up HTTPS in Manticore Search.


Manticore 3.1.2 added support for encrypting data between your application or another client (curl, browser, etc.) and the Manticore Search daemon. It is important to enable it if you need to protect your data (queries, responses) from interception inside your local network, and especially if you connect to Manticore Search over the internet. Setting it up requires certificates. Below is just an example of how it can be done with self-signed certificates; there are other options, such as purchasing certificates signed by a real CA.

Certificates generation example

To generate a CA key/certificate and a server key/certificate, you can do the following:

Generate CA private key: openssl genrsa 2048 > /var/lib/manticore/data/ca-key.pem

Generate self-signed CA (root) certificate from the private key (here we specify "CA" as its common name, you can remove -subj completely and fill in all the fields): openssl req -new -x509 -nodes -days 365 -key /var/lib/manticore/data/ca-key.pem -out /var/lib/manticore/data/ca-cert.pem -subj '/CN=CA'

Generate certificate request and server private key (we specify "127.0.0.1" as the common name as we will run the searchd on 127.0.0.1, you can remove -subj and specify whatever you want in real life): openssl req -newkey rsa:2048 -days 365 -nodes -keyout /var/lib/manticore/data/server-key.pem -out /var/lib/manticore/data/server-req.pem -subj '/CN=127.0.0.1'

Generate certificate from the request, CA key and root cert: openssl x509 -req -in /var/lib/manticore/data/server-req.pem -days 365 -CA /var/lib/manticore/data/ca-cert.pem -CAkey /var/lib/manticore/data/ca-key.pem -set_serial 01 -out /var/lib/manticore/data/server-cert.pem

Verify the server certificate with the CA certificate: openssl verify -CAfile /var/lib/manticore/data/ca-cert.pem /var/lib/manticore/data/server-cert.pem
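The same steps as an added example (not part of the original tutorial): it builds the CA and server certificate in a scratch directory under umask 077, then goes slightly beyond the verify step above by checking that a different CA with the same name is rejected and that the server key belongs to the server certificate. The function names and the temporary directory are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: function names and the scratch directory are assumptions.

# make_pki DIR: create the tutorial's CA and server key/certificate files in DIR.
make_pki() {
    local dir=$1
    (
        umask 077   # files created here are readable by their owner only
        openssl genrsa -out "$dir/ca-key.pem" 2048 2>/dev/null &&
        openssl req -new -x509 -nodes -days 365 -key "$dir/ca-key.pem" \
            -out "$dir/ca-cert.pem" -subj '/CN=CA' 2>/dev/null &&
        openssl req -newkey rsa:2048 -nodes -keyout "$dir/server-key.pem" \
            -out "$dir/server-req.pem" -subj '/CN=127.0.0.1' 2>/dev/null &&
        openssl x509 -req -in "$dir/server-req.pem" -days 365 \
            -CA "$dir/ca-cert.pem" -CAkey "$dir/ca-key.pem" -set_serial 01 \
            -out "$dir/server-cert.pem" 2>/dev/null
    )
}

# chain_ok CA CERT: succeed only if CERT verifies against CA.
chain_ok() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# key_matches_cert KEY CERT: succeed only if KEY is the private key for CERT.
key_matches_cert() {
    local key_pub cert_pub
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$cert_pub" ]
}

# Demo on constructed data: two independent CAs that share the name "CA".
demo() {
    local work
    work=$(mktemp -d) || return 1
    mkdir "$work/ours" "$work/other"
    make_pki "$work/ours" && make_pki "$work/other" || { rm -rf "$work"; return 1; }
    chain_ok "$work/ours/ca-cert.pem" "$work/ours/server-cert.pem" &&
        echo "server cert verifies against its own CA"
    chain_ok "$work/other/ca-cert.pem" "$work/ours/server-cert.pem" ||
        echo "same CA name, different key: rejected"
    key_matches_cert "$work/ours/server-key.pem" "$work/ours/server-cert.pem" &&
        echo "server key matches server cert"
    rm -rf "$work"
}
demo
```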

Connecting to Manticore Search via https

Check which port the HTTP interface listens on: grep "listen" /var/lib/manticore/data/manticore.conf

Starting with 3.5.0, the API and HTTP interfaces can work on the same port. If a listen directive doesn't specify the interface, it can accept secured HTTP connections.

Run the Manticore Search daemon: searchd -c /var/lib/manticore/data/manticore.conf

Verify that the secure connection works (you should see a JSON response): curl --cacert /var/lib/manticore/data/ca-cert.pem "https://127.0.0.1:9308/sql" -d "query=select * from rt where match('abc')";

The CA certificate has to be provided as we used a self-signed certificate. If you don't specify the proper CA certificate it will fail, e.g. let's try to give it our certificate request file instead of the CA certificate: curl --cacert /var/lib/manticore/data/server-req.pem "https://127.0.0.1:9308/sql" -d "query=select * from rt where match('abc')";

You can also skip the CA certificate completely by using curl's -k option: curl -k "https://127.0.0.1:9308/sql" -d "query=select * from rt where match('abc')";

This is less secure, because curl then skips certificate verification, but it may make sense in some cases.

That's it. Not that difficult.