I have an elasicsearch instance running on my server. I have to configure it in such a way that it's only accessible via my local computer's public IP. I tried changing network.host: to my local IP but its not working. can anyone tell me what m I doing wrong.
-
you are looking at netowork.host in a wrong way. Read stackoverflow.com/questions/42019852/…user3775217– user37752172017-03-07 07:27:01 +00:00Commented Mar 7, 2017 at 7:27
-
So is there any way that I can achieve what I want ?Tushar Chevulkar– Tushar Chevulkar2017-03-07 07:48:22 +00:00Commented Mar 7, 2017 at 7:48
-
you want to secure it only to access your IP or you just want to enable remote access ?user3775217– user37752172017-03-07 07:59:53 +00:00Commented Mar 7, 2017 at 7:59
-
only my local computer should be allowed.Tushar Chevulkar– Tushar Chevulkar2017-03-07 20:01:53 +00:00Commented Mar 7, 2017 at 20:01
-
@TusharChevulkar: On your server this is a job of a firewall or iptables rules, which denies all traffic from anywhere, but allows from your client ip-address.cinhtau– cinhtau2017-03-07 20:34:26 +00:00Commented Mar 7, 2017 at 20:34
Add a comment
|
1 Answer
Then i can suggest you two things here.
1) Either you put nginx reverse proxy in front of your elasticsearch server and filter the ip address you want to allow to connect elasticsearch.
In nginx.conf file in /usr/local/nginx/conf/ , for more info
location / {
# block one workstation
deny 192.168.1.1;
# allow anyone in 192.168.1.0/24
allow 192.168.1.0/24;
# drop rest of the world
deny all;
}
2) Or you can use elastic shield plugin which comes with X-pack and you can use IP filtering feature to restrict the access to your elasticcluster.
In elasticsearch.yml file
shield.transport.filter.allow: "192.168.0.1"
shield.transport.filter.deny: "192.168.0.0/24"
Also you can edit these settings using their REST api
curl -XPUT localhost:9200/_cluster/settings -d '{
"persistent" : {
"shield.transport.filter.allow" : "172.16.0.0/24"
}
}'
read more here. Thanks
