堆栈内存溢出
  简体   繁体   English

允许远程访问Elasticsearch

[英]Allowing remote access to Elasticsearch

 原文  2013-08-28 22:29:27       python/ security/ lucene/ debian/ elasticsearch

问题描述

I have a default installation of Elasticsearch which I am trying to query from a third party server. 我有一个默认安装的Elasticsearch,我试图从第三方服务器查询。 However, it seems that by default this is blocked. 但是,似乎默认情况下会被阻止。

Is anyone please able to tell me how I can configure Elasticsearch so that I can query it from a different server? 是否有人能够告诉我如何配置Elasticsearch以便我可以从其他服务器查询它?

5 个解决方案

解决方案1
 3  2016-05-05 09:52:54

In config/elasticsearch.yml, put network.host: 0.0.0.0. 在config / elasticsearch.yml中,输入network.host:0.0.0.0。 And also add Inbound Rule in firewall for your ElasticSearch port(9200 ByDefault). 并在防火墙中为您的ElasticSearch端口添加入站规则(9200 ByDefault)。 It worked in ElasticSearch version 2.3.0 它适用于ElasticSearch版本2.3.0

解决方案2
 2  2013-08-29 15:53:22

Edit : As Sisso mentions in his comment below, Elasticsearch as of 2.0 at least binds to localhost by default. 编辑 :正如Sisso在下面的评论中提到的,默认情况下,Elasticsearch从2.0开始至少绑定到localhost。 See https://www.elastic.co/guide/en/elasticsearch/reference/2.0/modules-network.html for more information. 有关详细信息,请参阅https://www.elastic.co/guide/en/elasticsearch/reference/2.0/modules-network.html

As Damien mentions in his answer, by default ES allows all access to port 9200 . 正如Damien在他的回答中提到的,默认情况下ES允许所有访问端口9200 In fact, you need to use external tools to provide authentication to the ES resource - something like a webapp frontend or just simple nginx with Basic Auth turned on. 实际上,您需要使用外部工具为ES资源提供身份验证 - 例如webapp前端或仅启用Basic Auth的简单nginx。

Things that can prevent you from accessing a remote system (you probably know these): 可能阻止您访问远程系统的事情(您可能知道这些):

  • network configuration problems 网络配置问题
  • ES host firewall blocks incoming requests on port 9200 ES主机防火墙阻止端口9200上的传入请求
  • remote host firewall blocks outgoing requests to ES host and/or port 9200 远程主机防火墙阻止对ES主机和/或端口9200传出请求
  • ES is configured to bind to the wrong IP address (by default however, it binds to all available IPs) ES配置为绑定到错误的IP地址(默认情况下,它绑定到所有可用的IP)

Best guess? 最佳的揣测? Check that you can connect from remote host to ES host, then check firewall on both systems. 检查您是否可以从远程主机连接到ES主机,然后检查两个系统上的防火墙。 If you can't diagnose further, maybe someone on the ES mailing list ( https://groups.google.com/forum/#!forum/elasticsearch ) or IRC channel (#elasticsearch on Freenode) can help. 如果您无法进一步诊断,可能是ES邮件列表( https://groups.google.com/forum/#!forum/elasticsearch )或IRC频道(Freenode上的#elasticsearch)上的某人可以提供帮助。

解决方案3
 2 已采纳  2017-05-29 16:05:39

When elasticsearch is installed and run without any configuration changes by default it binds to localhost only. 如果在没有任何配置更改的情况下安装并运行elasticsearch,则它仅绑定到localhost。 To access the elasticsearch REST API endpoint remotely the below changes has to be made on the server where elasticsearch has been installed. 要远程访问elasticsearch REST API端点,必须在已安装elasticsearch的服务器上进行以下更改。

  • Elasticsearch Configuration Change Update the network.host property in elasticsearch.yml as per the guidelines provided in the elasticsearch documentation For example to bind to all IPv4 addresses on the local machine, change as below network.host : 0.0.0.0 Elasticsearch配置更改根据elasticsearch文档中提供的准则更新elasticsearch.yml中的network.host属性例如,要绑定到本地计算机上的所有IPv4地址,请更改如下network.host:0.0.0.0

  • Firewall Rules Update Update the Linux firewall to allow access to port 9200. Please refer your Linux documentation for adding rules to the firewall. 防火墙规则更新更新Linux防火墙以允许访问端口9200.请参阅Linux文档以将规则添加到防火墙。

For example to allow access to all the servers(public) in CentosOS use the firewall-cmd 例如,要允许访问CentosOS中的所有服务器(公共),请使用firewall-cmd 

sudo firewall-cmd --zone=public --permanent --add-port=9200/tcp
sudo firewall-cmd --reload

Note : In production environment public access is discouraged. 注意:在生产环境中,不鼓励公共访问。 A restricted access should be preferred. 应优先考虑限制访问。

解决方案4
 1  2013-08-29 15:14:29

There is no restriction by default, ElasticSearch expose a standard HTTP API on the port 9200 . 默认情况下没有限制,ElasticSearch在端口9200上公开标准HTTP API。

From your third party server, are you able to: curl http://es_hostname:9200/ ? 从您的第三方服务器,您能够: curl http://es_hostname:9200/

解决方案5
 1  2016-05-24 23:43:28

To allow remote access with one default node, settings\\elasticsearch.yml should have: 要允许使用一个默认节点进行远程访问, settings\\elasticsearch.yml应具有: 

network.host: 0.0.0.0
http.port: 9200

My case I need three instances. 我的情况我需要三个实例。 For each instance, it's necessary declare also the port range used. 对于每个实例,还必须声明使用的端口范围。 

network.host: 0.0.0.0
http.port: 9200-9202

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 允许用户访问adminpanel? - allowing a user to access adminpanel? 只允许登录用户访问URL - Allowing URL access only to logged-in users 使用 python 的 Elasticsearch package 连接到远程 Elasticsearch 服务器 - Connecting to remote Elasticsearch server with python's Elasticsearch package python上的远程数据库访问 - Remote database access on python django远程访问基础知识 - django remote access basics django模型的远程访问 - Remote access of django models 试图访问 Elasticsearch 中的数据 - Trying to access data in Elasticsearch indecies 允许从 web 访问隐藏文件夹。 Plotly-dash - Allowing access to hidden folder from web. Plotly-dash django 中只允许经过身份验证的用户访问某些页面 - Only allowing authenticated users to access certain pages in django 使用Python远程访问mySQL - Remote access to mySQL using Python
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM