Can you manually curl geoip.elastic.co to get geo data?

spuder · January 12, 2022, 9:01pm

I have an Elasticsearch cluster that does not have internet access for security. According to the documentaiton it is possible to mirror your own geoip endpoint

I have a mirror setup, however I'm unable to test if the mirror is working because its not clear to me how Elasticsearch downloads the data from geoip.elastic.co

I'm attempting something like this using curl

curl https://geoip.elastic.co/v1/database

Which unfortunately just gives me this error

            <!DOCTYPE html>
            <html lang="en">
            <head>
                <meta charset="utf-8">
                <title>400 Bad Request</title>
            </head>
            <body align="center">
                <div role="main" align="center">
                    <h1>400: Bad Request</h1>
                    <p>The request could not be understood by the server due
                to malformed syntax.</p>
                    <hr />
                </div>
                <div role="contentinfo" align="center">
                    <small>Rocket</small>
                </div>
            </body>
            </html>

I'm unable to find API documentation for geoip.elastic.co. How can I manually download the data to test if my proxy is working?

spuder · January 12, 2022, 9:45pm

My proxy captured this when pointing Elasticsearch at the mirror

10.47.65.2 - - [12/Jan/2022:14:19:16 -0700] "GET /geoip_elastic_co/v1/database?key=d1000358-2c34-4c4c-8f4b-REDACTED&elastic_geoip_service_tos=agree HTTP/1.1" 404 74 "-" "Manticore 0.7.1"

So a curl request that works is

curl "https://geoip.elastic.co/v1/database?key=d1000358-2c34-REDACTED&elastic_geoip_service_tos=agree"

spuder · January 12, 2022, 10:07pm

Terraform code for mirroring in artifactory

resource "artifactory_remote_repository" "geoip-elastic-co" {
  key                     = "geoip-elastic-co-remote"
  package_type            = "generic"
  url                     = "https://geoip.elastic.co"
  repo_layout_ref         = "simple-default"
  store_artifacts_locally = false
  propagate_query_params  = true
  notes                   = "managed by terraform"
  content_synchronisation {
    enabled = false
  }
  includes_pattern = "v1/database/*"
}

system · February 9, 2022, 10:07pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Self host cluster no geoip data Elasticsearch	5	146	May 24, 2024
Error downloading GeoIP behind proxy in Elasticsearch Elasticsearch	2	5896	May 20, 2022
GeoIP Service Elasticsearch requires connection to storage.googleapis.com Elasticsearch	0	7	October 10, 2024
GeoIP - Elasticsearch Elasticsearch	10	64	July 12, 2024
GeoIP problems Elasticsearch	9	36	November 1, 2024

Can you manually curl geoip.elastic.co to get geo data?

Related topics