If you are on AWS you can set up a VPC and connect using an internal IP address that is not open to the internet. You will need to open up port 9200, but it will only be accessible within the VPC. This way all traffic goes through your Python application and Elasticsearch can not be accessed from the internet.
That sounds like the way to do it. I will examine that, thank you.
Is the Flask app running on the same instance as ES?
If so, use 'host': '0.0.0.0' in your Python code above. Also, you don't need the http:// in your host value.
Even if your Flask app is not on the same server as the index, if you do have some Flask app running on that server, that can serve as the layer between the user and Elasticsearch.
All incoming queries to elasticsearch from wherever on the internet can talk to that app instead, through whatever port, and that app can then query elasticsearch. It would only support the kinds of queries you want users to be able to issue to elasticsearch. Even if the API for this app was something like:
{'query': 'your full es query goes here'}
you could have some string matching filters to prevent malicious queries. This wouldn't be ideal, but the point is you can control what gets to elasticsearch with the logic in that flask app.
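A stricter variant of the proxy idea above, as an added example that is not part of the original thread: instead of string-matching a full client-supplied query, the app accepts a few named parameters and builds the Elasticsearch query itself. The field names, limits, and function names are assumptions made for illustration.

```python
# Added example: the proxy accepts a few named parameters and builds the
# Elasticsearch query itself, so no client-supplied query DSL is forwarded.
ALLOWED_FIELDS = {"title", "body", "author"}  # hypothetical index fields
ALLOWED_PARAMS = {"field", "text", "size"}
MAX_TEXT_LEN = 200
MAX_SIZE = 50


class BadRequest(ValueError):
    """Raised when the client input falls outside the supported API."""


def build_search_body(params):
    """Validate client parameters and return the search body to send."""
    if not isinstance(params, dict):
        raise BadRequest("JSON object expected")
    unknown = set(params) - ALLOWED_PARAMS
    if unknown:
        raise BadRequest("unsupported parameters: %s" % sorted(unknown))
    field = params.get("field", "title")
    if not isinstance(field, str) or field not in ALLOWED_FIELDS:
        raise BadRequest("field not searchable")
    text = params.get("text")
    if not isinstance(text, str) or not text.strip() or len(text) > MAX_TEXT_LEN:
        raise BadRequest("text must be 1-%d characters" % MAX_TEXT_LEN)
    size = params.get("size", 10)
    # bool is a subclass of int, so reject it explicitly.
    if isinstance(size, bool) or not isinstance(size, int) or not 1 <= size <= MAX_SIZE:
        raise BadRequest("size must be 1-%d" % MAX_SIZE)
    # The user text is only ever a value of a match query, never query structure.
    return {
        "query": {"match": {field: {"query": text}}},
        "size": size,
        "_source": sorted(ALLOWED_FIELDS),
    }


def is_rejected(params):
    """Return True when the proxy would refuse the request."""
    try:
        build_search_body(params)
    except BadRequest:
        return True
    return False


if __name__ == "__main__":
    # Constructed sample requests.
    print(build_search_body({"text": "flask proxy", "size": 5}))
    print(is_rejected({"query": {"match_all": {}}}))  # raw DSL is refused
```

In a Flask view, the parsed request JSON would go through build_search_body and the returned dict would be passed as the body of the client's search call, with BadRequest mapped to an HTTP 400 response.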
Yes it is. 0.0.0.0 in my python code means that the connection string would be:
es = Elasticsearch("0.0.0.0") ?
I suspect that is not what you mean. I will give it a try though. Perhaps you mean:
    if __name__ == '__main__':
        application.debug = True
        application.run(host="0.0.0.0")
At the moment I am exploring the private IP address in a VPC with access that way.
I appreciate you thinking about my problem, thank you.
I'm using elasticsearch 5.5, but what works for me is:
es_hosts = [{"host":"0.0.0.0","port":9200}]
Elasticsearch(hosts=es_hosts)
Also, just in case, your flask app isn't containerized in any way right?
Thank you, very helpful. No it isn't. Happy Christmas!
No problem, same to you!