Why Proxy Elasticsearch?
Elasticsearch is a powerful search engine, but it is not designed to be exposed to the web. It is designed to be used by other APIs, which are then exposed to the web.
Its fine to build search experiences with Searchkit by talking to Elasticsearch directly, for fast prototyping and development. But when you are ready to deploy, you should proxy Elasticsearch from the web.
At the proxy, you can add security credentials, rate limiting, APM, and other features that are important for production.
Do I need to proxy Elasticsearch?
It depends. For internal use or a POC, talk to Elasticsearch directly. If for a high traffic website, you should proxy Elasticsearch from the web.
If you choose not to proxy Elasticsearch from the web, connect with read-only credentials. See connecting with an API key or connecting with a user.
Proxy with Searchkit
Searchkit provides built in support to proxy Elasticsearch from the web with a Node app. It works with any node based application that you can run on your own server.
If you don't use Node currently, getting started with using Cloudflare Workers is a good option due to its low cost (Free plans get 100,000 req/day) and great developer experience.
I don't want to use Node
If you don't want to use Node, you can proxy Elasticsearch with your own API server by creating a POST /_msearch
API and specify your application server in the host
property or building a custom transporter. Searchkit will continue to make Elasticsearch requests from the browser to the proxy which will then relay the request to Elasticsearch with read only security credentials and extra filtering restrictions (if needed).