Skip to content
Maxence Lange edited this page Jan 9, 2018 · 8 revisions

Complete Installation of FullTextSearch_ElasticSearch

Installation of the App on Nextcloud

  • If installing from the appstore, nothing else is needed to be done in this section. Skip to the next section and install the servlet.

  • If installing the app manually (ie. source downloaded from github), you will need to install some dependencies by running the command below in the root folder of the app:

 composer install

Installation of the ElasticSearch servlet

The document is about an installation on Debian using https://www.elastic.co/guide/en/elasticsearch/reference/6.1/deb.html
(Please keep me updated of your installation on other OS)

wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
sudo apt-get install apt-transport-https

echo "deb https://artifacts.elastic.co/packages/6.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-6.x.list

sudo apt-get update && sudo apt-get install elasticsearch

Security:

This step will add Basic Authentication (with a login/password) to your ElasticSearch. This step can be bypassed if you have no issue leaving ElasticSearch running with no authentication.

Leaving ElasticSearch without authentication is NOT advised in any of those cases:

  • you have multiple Nextcloud,
  • you bind the daemon to a network,
  • user have ssh access to the server,
  • malicious script can be uploaded and executed.

There is 2 ways to implement Basic Authentication to your ElasticSearch:

  • The official plugin: x-pack with a 30 day trial license.
  • An open-source (GPLv3) plugin: ReadonlyREST

Security with ReadonlyREST

Installation of ReadonlyREST

Note: If you cannot find ReadonlyREST available for your current version of elasticsearch, you can downgrade using:

apt-get install elasticsearch=6.1.0

This is a simple configuration so you can index multiple Nextclouds on the same ElasticSearch, each one using it's own index and credentials:

readonlyrest:


  access_control_rules:

  - name: Accept requests from cloud1 on my_index
    groups: ["cloud1"]
    indices: ["my_index"]

  - name: Accept requests from cloud2 on another_index
    groups: ["cloud2"]
    indices: ["another_index"]


  users:

  - username: username
    auth_key: username:password
    groups: ["cloud1"]

  - username: test
    auth_key_sha1: a94a8fe5ccb19ba61c4c0873d391e987982fbbd3
    groups: ["cloud2"]

Add and EDIT those lines into readonlyrest.yml (usually in /etc/elasticsearch/) with your very own credentials

This is where you define the login and password for your nextcloud, and the index to reach. In the lines above, we have 2 clouds (cloud1 and cloud2), each one having its own credentials to access its own index (my_index and another_index)

Note: yaml can be really sensitive to copypasta, if you have issue, please use this link

ingest-attachment

If you want to index non-plaintext content (PDF, by example) you will need:

sudo bin/elasticsearch-plugin install ingest-attachment

Usually, the elasticsearch-plugin executable is in /usr/share/elasticsearch/bin/

Restarting the service

Restart elasticsearch.

Clone this wiki locally