简体繁体 English

从云外部访问EC2实例上的ElasticSearch

[英]Accessing ElasticSearch on EC2 instance from outside the cloud

原文 2016-09-07 00:17:03 2 3 amazon-web-services/ elasticsearch/ amazon-ec2/ aws-security-group

I am trying to access my ElasticSearch on a running EC2 instance from outside the Cloud. 我试图从云外部运行的EC2实例上访问我的ElasticSearch 。 I currently have SSH/HTTP/HTTPS open to the public for inbound traffic as well as all open for outbound traffic. 我目前有SSH / HTTP / HTTPS对公众开放入站流量以及所有对出站流量开放。 I set up a public IP for my EC2 instance as well. 我也为我的EC2实例设置了一个公共IP。

By default ElasticSearch is on port 9200 . 默认情况下，ElasticSearch位于端口9200 。 I'm not sure if I configured my elasticsearch.yml file correctly but it basically has the default configuration I only changed the cluster.name to something else. 我不确定我是否正确配置了elasticsearch.yml文件，但它基本上具有默认配置我只将cluster.name更改为其他内容。

When I type in my public IP with port 9200 into my local browser or locally do a telnet {public-ip} 9200 , there is no response. 当我使用端口9200键入我的公共IP到我的本地浏览器或在本地执行telnet {public-ip} 9200 ，没有响应。 When I SSH into my EC2 instance. 当我SSH到我的EC2实例时。 I can perform a curl localhost:9200 and I get the correct response from elasticsearch 我可以执行curl localhost:9200 ，我从elasticsearch获得正确的响应

How can I connect to my ElasticSearch running on my EC2 instance from outside the cloud? 如何从云外部连接到我的EC2实例上运行的ElasticSearch ？

I added a Custom Rule for my security group for inbound traffic that includes port 9200 and is open to 0.0.0.0/0 and I still cannot access this EC2 instance 我为我的安全组添加了一个自定义规则，用于包含端口9200入站流量，并且对0.0.0.0/0开放，我仍然无法访问此EC2实例

3 个解决方案

Potential issues to check are wrong binding and instance operating system firewall. 要检查的潜在问题是错误的绑定和实例操作系统防火墙。

Check where elasticsearch is binding, as if it is binding to 127.0.0.1 you won't be able to reach it from the outside. 检查elasticsearch绑定的位置，就好像它绑定到127.0.0.1一样，您将无法从外部访问它。

Check binding by running in one shell on the elasticsearch ec2: 通过在elasticsearch ec2上的一个shell中运行来检查绑定：

sudo netstat -lptun | sudo netstat -lptun | grep 9200 grep 9200

If it shows 127.0.0.1:9200 then there is a misconfiguration if otherwise shows *:9200 or :9200 then it is correct. 如果显示127.0.0.1:9200则会出现配置错误，否则显示*：9200或：9200则表示正确。

If it shows 127.0.0.1 then you should modify elasticsearch parameter network.bind_host as described in: https://www.elastic.co/guide/en/elasticsearch/reference/1.4/modules-network.html 如果它显示127.0.0.1，则应修改elasticsearch参数network.bind_host，如下所述： https ： //www.elastic.co/guide/en/elasticsearch/reference/1.4/modules-network.html

Additionally http/HTTPS and ssh are usually allowed by default operating system firewall, whereas elasticsearch 9200 is not. 此外，默认操作系统防火墙通常允许使用http / HTTPS和ssh，而弹性搜索9200则不允许。 This is usually the case for rhel and centos. 这通常是rhel和centos的情况。 You can temporarily disable iptables and check if it works. 您可以暂时禁用iptables并检查它是否有效。

To disable iptables run: 要禁用iptables运行：

sudo iptables -F sudo iptables -F

If after disabling iptables the connection works you should configure iptables to allow connection on 9200. 如果禁用iptables后连接工作，你应该配置iptables以允许连接9200。

I hope this helps. 我希望这有帮助。

G. G。

It is mess around Security Groups 安全组很乱

You can add or remove rules for a security group (also referred to as authorizing or revoking inbound or outbound access). 您可以添加或删除安全组的规则（也称为授权或撤消入站或出站访问）。

You shuld use the SG while launching your instance whith bounded 9200 你可以在启动你的实例时使用SG，其中包含9200

建立从桌面到EC2的SSH隧道..然后只需使用您的浏览器..按照https://www.jeremydaly.com/access-aws-vpc-based-elasticsearch-cluster-locally/中给出的步骤操作