Connection Setup

Configure Elasticsearch and OpenSearch connections in Sigmie — basic auth, API keys, bearer tokens, SSL certificates, and multi-node clusters.

On this page

The Installation guide covers basic local connections. This page covers everything else: production auth, SSL, multi-node clusters, and cloud providers.

Sigmie uses the same connection API for Elasticsearch and OpenSearch. Only the engine type and credentials change.

Authentication

Basic auth

use Sigmie\Sigmie;
 
$sigmie = Sigmie::create(
    hosts: ['https://elasticsearch.example.com:9200'],
    config: [
        'auth' => ['elastic', 'your-password'],
    ]
);

For lower-level control, build the client manually:

use Sigmie\Http\JSONClient;
use Sigmie\Base\Http\ElasticsearchConnection;
use Sigmie\Base\Drivers\Elasticsearch;
 
$client = JSONClient::createWithBasic(
    hosts: ['https://elasticsearch.example.com:9200'],
    username: 'elastic',
    password: 'your-password'
);
 
$connection = new ElasticsearchConnection($client, new Elasticsearch);
$sigmie = new Sigmie($connection);

API key

Generate the key in Elasticsearch:

curl -X POST "localhost:9200/_security/api_key" \
  -H 'Content-Type: application/json' \
  -u elastic:your-password \
  -d '{"name": "my-api-key", "expiration": "90d"}'

Base64-encode id:api_key and pass it as the Authorization header:

$sigmie = Sigmie::create(
    hosts: ['https://elasticsearch.example.com:9200'],
    config: [
        'headers' => [
            'Authorization' => 'ApiKey ' . base64_encode('id:api_key'),
        ],
    ]
);

Bearer token

$sigmie = Sigmie::create(
    hosts: ['https://elasticsearch.example.com:9200'],
    config: [
        'headers' => [
            'Authorization' => 'Bearer your-token-here',
        ],
    ]
);

SSL/TLS

Self-signed certificates (development)

$sigmie = Sigmie::create(
    hosts: ['https://localhost:9200'],
    config: ['verify' => false],
);

Warning: Never disable SSL verification in production.

Custom CA certificates

$sigmie = Sigmie::create(
    hosts: ['https://elasticsearch.example.com:9200'],
    config: ['verify' => '/path/to/ca-certificate.pem'],
);

Multiple nodes

$sigmie = Sigmie::create(
    hosts: [
        '10.0.0.1:9200',
        '10.0.0.2:9200',
        '10.0.0.3:9200',
    ],
    config: ['auth' => ['elastic', 'your-password']],
);

Requests are distributed round-robin. If a node fails, Sigmie retries the next one.

OpenSearch

Specify the engine type:

use Sigmie\Enums\SearchEngineType;
 
$sigmie = Sigmie::create(
    hosts: ['https://localhost:9200'],
    engine: SearchEngineType::OpenSearch,
    config: [
        'auth' => ['admin', 'MyStrongPass123!@#'],
        'verify' => false,
    ]
);

See OpenSearch for the full integration.

Cloud providers

Elastic Cloud

$sigmie = Sigmie::create(
    hosts: ['https://my-deployment.es.us-east-1.aws.found.io:9243'],
    config: ['auth' => ['elastic', 'your-cloud-password']],
);

Find your endpoint in the deployment dashboard under “Elasticsearch endpoint.”

AWS OpenSearch Service

AWS requires IAM-signed requests. Build a Guzzle handler with the AWS SDK:

use Aws\Credentials\CredentialProvider;
use Aws\Signature\SignatureV4;
use GuzzleHttp\HandlerStack;
use GuzzleHttp\Middleware;
use Sigmie\Http\JSONClient;
use Sigmie\Base\Http\ElasticsearchConnection;
use Sigmie\Base\Drivers\Opensearch;
 
$credentials = CredentialProvider::defaultProvider()();
$signer = new SignatureV4('es', 'us-east-1');
$handler = HandlerStack::create();
$handler->push(Middleware::mapRequest(fn ($request) =>
    $signer->signRequest($request, $credentials)
));
 
$client = JSONClient::create(
    hosts: ['https://search-domain.us-east-1.es.amazonaws.com:443'],
    config: ['handler' => $handler]
);
 
$connection = new ElasticsearchConnection($client, new Opensearch);
$sigmie = new Sigmie($connection);

Configuration options

The config array accepts any Guzzle HTTP option. Common ones:

Option Type Default Description
connect_timeout int 10 Seconds to wait for the connection.
timeout int 30 Seconds to wait for the response.
verify bool|string true SSL verification (boolean or CA path).
auth array null Basic auth ['username', 'password'].
headers array [] Custom HTTP headers.

Timeouts

$sigmie = Sigmie::create(
    hosts: ['127.0.0.1:9200'],
    config: [
        'connect_timeout' => 15,
        'timeout' => 120,           // long for bulk operations
    ]
);

Environment-based configuration

$sigmie = Sigmie::create(
    hosts: explode(',', $_ENV['ELASTICSEARCH_HOSTS']),
    config: [
        'auth' => [$_ENV['ES_USER'], $_ENV['ES_PASSWORD']],
        'verify' => $_ENV['ES_VERIFY_SSL'] === 'true',
    ]
);

Verify the connection

if ($sigmie->isConnected()) {
    echo "Connected.\n";
}
 
foreach ($sigmie->indices() as $index) {
    echo $index->name . "\n";
}

Troubleshooting

cURL error 7: Failed to connect The cluster isn’t running, or your host/port is wrong. Try curl http://localhost:9200.

cURL error 60: SSL certificate problem Use 'verify' => false in development, a valid certificate in production, or 'verify' => '/path/to/ca.pem' for a custom CA.

401 Unauthorized Wrong credentials, or auth isn’t configured the way you think. Check cluster security logs.

cURL error 28: Operation timed out Increase connect_timeout and timeout. For bulk operations, 60–120 seconds is common.