Elasticsearch 8.4.3 enable remote access

Elastic Stack Elasticsearch
1

Hello,

We took a server to test Elasticsearch version 8.4.3 and do some tests.
We followed the installation steps:

Elasticsearch starts fine and responds to:
curl -X GET http://localhost:9200

We are trying to make Elasticsearch accessible from the outside and the browser by typing http://111.222.333.444:9200, unfortunately this does not work.

I think we've gone through what's out there like tutorials, forums, videos... and still no solution, we don't know what's wrong.

We also open ports 9200 and 9300
sudo ufw allow 9200/tcp
sudo ufw allow 9300/tcp

If anyone can tell us what is wrong.

Here is the configuration of the elasticsearch.yml file:

cluster.name: ns3093629
node.name: node-1
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
network.host: 0.0.0.0
http.port: 9200

# Enable security features
xpack.security.enabled: false

xpack.security.enrollment.enabled: true

# Enable encryption for HTTP API client connections, such as Kibana, Logstash, and Agents
xpack.security.http.ssl:
  enabled: true
  keystore.path: certs/http.p12

# Enable encryption and mutual authentication between cluster nodes
xpack.security.transport.ssl:
  enabled: true
  verification_mode: certificate
  keystore.path: certs/transport.p12
  truststore.path: certs/transport.p12
# Create a new cluster with the current node only
# Additional nodes can still join the cluster later
cluster.initial_master_nodes: ["node-1"]

# Allow HTTP API connections from anywhere
# Connections are encrypted and require user authentication
http.host: 0.0.0.0

# Allow other nodes to join the cluster from anywhere
# Connections are encrypted and mutually authenticated
transport.host: 0.0.0.0
transport.port: 9300

Thanks for your help.

2

Welcome to our community! :smiley:

I would just set network.host: 0.0.0.0 as that covers both of these.

Once you do that, restart Elasticsearch and then please post the logs from startup, then we can guide you from there :slight_smile:

3

By the outside you mean outside your Elasticsearch server but in your internal network or from outside your internal network, through the public internet?

4

Yes, to access it from the public internet, to test on different servers that are not on the same network.

5

@warkolm this is the setup I currently have.
I just deleted the logs and restarted Elasticsearch
Here is the content of the file /var/log/elasticsearch.log

[2022-11-01T07:35:46,883][INFO ][o.e.n.Node               ] [ns3093629] version[8.4.3], pid[13209], build[deb/42f05b9372a9a4a470db3b52817899b99a76ee73/2022-10-04T07:17:24.662462378Z], OS[Linux/5.4.0-131-generic/amd64], JVM[Oracle Corporation/OpenJDK 64-Bit Server VM/18.0.2.1/18.0.2.1+1-1]
[2022-11-01T07:35:46,889][INFO ][o.e.n.Node               ] [ns3093629] JVM home [/usr/share/elasticsearch/jdk], using bundled JDK [true]
[2022-11-01T07:35:46,889][INFO ][o.e.n.Node               ] [ns3093629] JVM arguments [-Des.networkaddress.cache.ttl=60, -Des.networkaddress.cache.negative.ttl=10, -Djava.security.manager=allow, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Dlog4j2.formatMsgNoLookups=true, -Djava.locale.providers=SPI,COMPAT, --add-opens=java.base/java.io=ALL-UNNAMED, -XX:+UseG1GC, -Djava.io.tmpdir=/tmp/elasticsearch-14514674898783867629, -XX:+HeapDumpOnOutOfMemoryError, -XX:+ExitOnOutOfMemoryError, -XX:HeapDumpPath=/var/lib/elasticsearch, -XX:ErrorFile=/var/log/elasticsearch/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/elasticsearch/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -Xms16003m, -Xmx16003m, -XX:MaxDirectMemorySize=8392802304, -XX:InitiatingHeapOccupancyPercent=30, -XX:G1ReservePercent=25, -Des.distribution.type=deb, --module-path=/usr/share/elasticsearch/lib, --add-modules=jdk.net, -Djdk.module.main=org.elasticsearch.server]
[2022-11-01T07:35:48,628][INFO ][c.a.c.i.j.JacksonVersion ] [ns3093629] Package versions: jackson-annotations=2.13.2, jackson-core=2.13.2, jackson-databind=2.13.2.2, jackson-dataformat-xml=2.13.2, jackson-datatype-jsr310=2.13.2, azure-core=1.27.0, Troubleshooting version conflicts: https://aka.ms/azsdk/java/dependency/troubleshoot
[2022-11-01T07:35:49,931][INFO ][o.e.p.PluginsService     ] [ns3093629] loaded module [aggs-matrix-stats]
[2022-11-01T07:35:49,932][INFO ][o.e.p.PluginsService     ] [ns3093629] loaded module [analysis-common]
[2022-11-01T07:35:49,932][INFO ][o.e.p.PluginsService     ] [ns3093629] loaded module [constant-keyword]
[2022-11-01T07:35:49,932][INFO ][o.e.p.PluginsService     ] [ns3093629] loaded module [data-streams]
[2022-11-01T07:35:49,933][INFO ][o.e.p.PluginsService     ] [ns3093629] loaded module [frozen-indices]
[2022-11-01T07:35:49,933][INFO ][o.e.p.PluginsService     ] [ns3093629] loaded module [ingest-attachment]
[2022-11-01T07:35:49,933][INFO ][o.e.p.PluginsService     ] [ns3093629] loaded module [ingest-common]
[2022-11-01T07:35:49,934][INFO ][o.e.p.PluginsService     ] [ns3093629] loaded module [ingest-geoip]
[2022-11-01T07:35:49,934][INFO ][o.e.p.PluginsService     ] [ns3093629] loaded module [ingest-user-agent]
[2022-11-01T07:35:49,934][INFO ][o.e.p.PluginsService     ] [ns3093629] loaded module [kibana]
[2022-11-01T07:35:49,934][INFO ][o.e.p.PluginsService     ] [ns3093629] loaded module [lang-expression]
[2022-11-01T07:35:49,935][INFO ][o.e.p.PluginsService     ] [ns3093629] loaded module [lang-mustache]
[2022-11-01T07:35:49,935][INFO ][o.e.p.PluginsService     ] [ns3093629] loaded module [lang-painless]
[2022-11-01T07:35:49,935][INFO ][o.e.p.PluginsService     ] [ns3093629] loaded module [legacy-geo]
[2022-11-01T07:35:49,936][INFO ][o.e.p.PluginsService     ] [ns3093629] loaded module [mapper-extras]
[2022-11-01T07:35:49,936][INFO ][o.e.p.PluginsService     ] [ns3093629] loaded module [mapper-version]
[2022-11-01T07:35:49,936][INFO ][o.e.p.PluginsService     ] [ns3093629] loaded module [old-lucene-versions]
[2022-11-01T07:35:49,937][INFO ][o.e.p.PluginsService     ] [ns3093629] loaded module [parent-join]
[2022-11-01T07:35:49,937][INFO ][o.e.p.PluginsService     ] [ns3093629] loaded module [percolator]
[2022-11-01T07:35:49,937][INFO ][o.e.p.PluginsService     ] [ns3093629] loaded module [rank-eval]
[2022-11-01T07:35:49,937][INFO ][o.e.p.PluginsService     ] [ns3093629] loaded module [reindex]
[2022-11-01T07:35:49,938][INFO ][o.e.p.PluginsService     ] [ns3093629] loaded module [repositories-metering-api]
[2022-11-01T07:35:49,938][INFO ][o.e.p.PluginsService     ] [ns3093629] loaded module [repository-azure]
[2022-11-01T07:35:49,938][INFO ][o.e.p.PluginsService     ] [ns3093629] loaded module [repository-encrypted]
[2022-11-01T07:35:49,938][INFO ][o.e.p.PluginsService     ] [ns3093629] loaded module [repository-gcs]
[2022-11-01T07:35:49,939][INFO ][o.e.p.PluginsService     ] [ns3093629] loaded module [repository-s3]
[2022-11-01T07:35:49,939][INFO ][o.e.p.PluginsService     ] [ns3093629] loaded module [repository-url]
[2022-11-01T07:35:49,939][INFO ][o.e.p.PluginsService     ] [ns3093629] loaded module [runtime-fields-common]
[2022-11-01T07:35:49,939][INFO ][o.e.p.PluginsService     ] [ns3093629] loaded module [search-business-rules]
[2022-11-01T07:35:49,939][INFO ][o.e.p.PluginsService     ] [ns3093629] loaded module [searchable-snapshots]
[2022-11-01T07:35:49,940][INFO ][o.e.p.PluginsService     ] [ns3093629] loaded module [snapshot-based-recoveries]
[2022-11-01T07:35:49,940][INFO ][o.e.p.PluginsService     ] [ns3093629] loaded module [snapshot-repo-test-kit]
[2022-11-01T07:35:49,940][INFO ][o.e.p.PluginsService     ] [ns3093629] loaded module [spatial]
[2022-11-01T07:35:49,940][INFO ][o.e.p.PluginsService     ] [ns3093629] loaded module [systemd]
[2022-11-01T07:35:49,941][INFO ][o.e.p.PluginsService     ] [ns3093629] loaded module [transform]
[2022-11-01T07:35:49,941][INFO ][o.e.p.PluginsService     ] [ns3093629] loaded module [transport-netty4]
[2022-11-01T07:35:49,941][INFO ][o.e.p.PluginsService     ] [ns3093629] loaded module [unsigned-long]
[2022-11-01T07:35:49,941][INFO ][o.e.p.PluginsService     ] [ns3093629] loaded module [vector-tile]
[2022-11-01T07:35:49,942][INFO ][o.e.p.PluginsService     ] [ns3093629] loaded module [wildcard]
[2022-11-01T07:35:49,942][INFO ][o.e.p.PluginsService     ] [ns3093629] loaded module [x-pack-aggregate-metric]
[2022-11-01T07:35:49,942][INFO ][o.e.p.PluginsService     ] [ns3093629] loaded module [x-pack-analytics]
[2022-11-01T07:35:49,943][INFO ][o.e.p.PluginsService     ] [ns3093629] loaded module [x-pack-async]
[2022-11-01T07:35:49,943][INFO ][o.e.p.PluginsService     ] [ns3093629] loaded module [x-pack-async-search]
[2022-11-01T07:35:49,943][INFO ][o.e.p.PluginsService     ] [ns3093629] loaded module [x-pack-autoscaling]
[2022-11-01T07:35:49,943][INFO ][o.e.p.PluginsService     ] [ns3093629] loaded module [x-pack-ccr]
[2022-11-01T07:35:49,944][INFO ][o.e.p.PluginsService     ] [ns3093629] loaded module [x-pack-core]
[2022-11-01T07:35:49,944][INFO ][o.e.p.PluginsService     ] [ns3093629] loaded module [x-pack-deprecation]
[2022-11-01T07:35:49,944][INFO ][o.e.p.PluginsService     ] [ns3093629] loaded module [x-pack-enrich]
[2022-11-01T07:35:49,945][INFO ][o.e.p.PluginsService     ] [ns3093629] loaded module [x-pack-eql]
[2022-11-01T07:35:49,945][INFO ][o.e.p.PluginsService     ] [ns3093629] loaded module [x-pack-fleet]
[2022-11-01T07:35:49,945][INFO ][o.e.p.PluginsService     ] [ns3093629] loaded module [x-pack-graph]
[2022-11-01T07:35:49,945][INFO ][o.e.p.PluginsService     ] [ns3093629] loaded module [x-pack-identity-provider]
[2022-11-01T07:35:49,945][INFO ][o.e.p.PluginsService     ] [ns3093629] loaded module [x-pack-ilm]
[2022-11-01T07:35:49,946][INFO ][o.e.p.PluginsService     ] [ns3093629] loaded module [x-pack-logstash]
[2022-11-01T07:35:49,946][INFO ][o.e.p.PluginsService     ] [ns3093629] loaded module [x-pack-ml]
[2022-11-01T07:35:49,946][INFO ][o.e.p.PluginsService     ] [ns3093629] loaded module [x-pack-monitoring]
[2022-11-01T07:35:49,946][INFO ][o.e.p.PluginsService     ] [ns3093629] loaded module [x-pack-ql]
[2022-11-01T07:35:49,947][INFO ][o.e.p.PluginsService     ] [ns3093629] loaded module [x-pack-rollup]
[2022-11-01T07:35:49,947][INFO ][o.e.p.PluginsService     ] [ns3093629] loaded module [x-pack-security]
[2022-11-01T07:35:49,947][INFO ][o.e.p.PluginsService     ] [ns3093629] loaded module [x-pack-shutdown]
[2022-11-01T07:35:49,947][INFO ][o.e.p.PluginsService     ] [ns3093629] loaded module [x-pack-sql]
[2022-11-01T07:35:49,948][INFO ][o.e.p.PluginsService     ] [ns3093629] loaded module [x-pack-stack]
[2022-11-01T07:35:49,948][INFO ][o.e.p.PluginsService     ] [ns3093629] loaded module [x-pack-text-structure]
[2022-11-01T07:35:49,948][INFO ][o.e.p.PluginsService     ] [ns3093629] loaded module [x-pack-voting-only-node]
[2022-11-01T07:35:49,948][INFO ][o.e.p.PluginsService     ] [ns3093629] loaded module [x-pack-watcher]
[2022-11-01T07:35:49,949][INFO ][o.e.p.PluginsService     ] [ns3093629] no plugins loaded
[2022-11-01T07:35:52,665][INFO ][o.e.e.NodeEnvironment    ] [ns3093629] using [1] data paths, mounts [[/ (/dev/md127)]], net usable_space [385.5gb], net total_space [410.4gb], types [ext4]
[2022-11-01T07:35:52,665][INFO ][o.e.e.NodeEnvironment    ] [ns3093629] heap size [15.6gb], compressed ordinary object pointers [true]
[2022-11-01T07:35:52,713][INFO ][o.e.n.Node               ] [ns3093629] node name [ns3093629], node ID [CYPa1W31SoawjlH3GVbFVA], cluster name [elasticsearch], roles [data_hot, ml, data_frozen, ingest, data_cold, data, remote_cluster_client, master, data_warm, data_content, transform]
[2022-11-01T07:35:55,639][INFO ][o.e.x.s.Security         ] [ns3093629] Security is disabled
[2022-11-01T07:35:55,704][INFO ][o.e.x.m.p.l.CppLogMessageHandler] [ns3093629] [controller/13251] [Main.cc@123] controller (64 bit): Version 8.4.3 (Build 9c00cf51c9fea9) Copyright (c) 2022 Elasticsearch BV
[2022-11-01T07:35:56,098][INFO ][o.e.t.n.NettyAllocator   ] [ns3093629] creating NettyAllocator with the following configs: [name=elasticsearch_configured, chunk_size=1mb, suggested_max_allocation_size=1mb, factors={es.unsafe.use_netty_default_chunk_and_page_size=false, g1gc_enabled=true, g1gc_region_size=8mb}]
[2022-11-01T07:35:56,120][INFO ][o.e.i.r.RecoverySettings ] [ns3093629] using rate limit [40mb] with [default=40mb, read=0b, write=0b, max=0b]
[2022-11-01T07:35:56,156][INFO ][o.e.d.DiscoveryModule    ] [ns3093629] using discovery type [multi-node] and seed hosts providers [settings]
[2022-11-01T07:35:57,236][INFO ][o.e.n.Node               ] [ns3093629] initialized
[2022-11-01T07:35:57,237][INFO ][o.e.n.Node               ] [ns3093629] starting ...
[2022-11-01T07:35:57,248][INFO ][o.e.x.s.c.f.PersistentCache] [ns3093629] persistent cache index loaded
[2022-11-01T07:35:57,250][INFO ][o.e.x.d.l.DeprecationIndexingComponent] [ns3093629] deprecation component started
[2022-11-01T07:35:57,356][INFO ][o.e.t.TransportService   ] [ns3093629] publish_address {145.239.142.01:9300}, bound_addresses {[::]:9300}
[2022-11-01T07:35:57,687][INFO ][o.e.b.BootstrapChecks    ] [ns3093629] bound or publishing to a non-loopback address, enforcing bootstrap checks
[2022-11-01T07:35:57,689][WARN ][o.e.c.c.ClusterBootstrapService] [ns3093629] this node is locked into cluster UUID [y_n3kPlvT0O4tK1XBTynkw] but [cluster.initial_master_nodes] is set to [node-1]; remove this setting to avoid possible data loss caused by subsequent cluster bootstrap attempts
[2022-11-01T07:35:57,792][INFO ][o.e.c.s.MasterService    ] [ns3093629] elected-as-master ([1] nodes joined)[_FINISH_ELECTION_, {ns3093629}{CYPa1W31SoawjlH3GVbFVA}{OHApfBZnRe2BTx5PLkEJzA}{ns3093629}{145.239.142.01}{145.239.142.01:9300}{cdfhilmrstw} completing election], term: 21, version: 159, delta: master node changed {previous [], current [{ns3093629}{CYPa1W31SoawjlH3GVbFVA}{OHApfBZnRe2BTx5PLkEJzA}{ns3093629}{145.239.142.01}{145.239.142.01:9300}{cdfhilmrstw}]}
[2022-11-01T07:35:57,845][INFO ][o.e.c.s.ClusterApplierService] [ns3093629] master node changed {previous [], current [{ns3093629}{CYPa1W31SoawjlH3GVbFVA}{OHApfBZnRe2BTx5PLkEJzA}{ns3093629}{145.239.142.01}{145.239.142.01:9300}{cdfhilmrstw}]}, term: 21, version: 159, reason: Publication{term=21, version=159}
[2022-11-01T07:35:57,872][INFO ][o.e.r.s.FileSettingsService] [ns3093629] starting file settings watcher ...
[2022-11-01T07:35:57,878][INFO ][o.e.r.s.FileSettingsService] [ns3093629] file settings service up and running [tid=59]
[2022-11-01T07:35:57,882][INFO ][o.e.h.AbstractHttpServerTransport] [ns3093629] publish_address {145.239.142.01:9200}, bound_addresses {[::]:9200}
[2022-11-01T07:35:57,883][INFO ][o.e.n.Node               ] [ns3093629] started {ns3093629}{CYPa1W31SoawjlH3GVbFVA}{OHApfBZnRe2BTx5PLkEJzA}{ns3093629}{145.239.142.01}{145.239.142.01:9300}{cdfhilmrstw}{ml.machine_memory=33561378816, xpack.installed=true, ml.allocated_processors=16, ml.max_jvm_size=16785604608}
[2022-11-01T07:35:57,991][INFO ][o.e.l.LicenseService     ] [ns3093629] license [7e18a6d4-a871-4a97-85b5-6d7a8361c9e3] mode [basic] - valid
[2022-11-01T07:35:57,995][INFO ][o.e.g.GatewayService     ] [ns3093629] recovered [2] indices into cluster_state
[2022-11-01T07:35:58,053][ERROR][o.e.i.g.GeoIpDownloader  ] [ns3093629] exception during geoip databases update
org.elasticsearch.ElasticsearchException: not all primary shards of [.geoip_databases] index are active
	at org.elasticsearch.ingest.geoip.GeoIpDownloader.updateDatabases(GeoIpDownloader.java:134) ~[?:?]
	at org.elasticsearch.ingest.geoip.GeoIpDownloader.runDownloader(GeoIpDownloader.java:274) ~[?:?]
	at org.elasticsearch.ingest.geoip.GeoIpDownloaderTaskExecutor.nodeOperation(GeoIpDownloaderTaskExecutor.java:102) ~[?:?]
	at org.elasticsearch.ingest.geoip.GeoIpDownloaderTaskExecutor.nodeOperation(GeoIpDownloaderTaskExecutor.java:48) ~[?:?]
	at org.elasticsearch.persistent.NodePersistentTasksExecutor$1.doRun(NodePersistentTasksExecutor.java:42) ~[elasticsearch-8.4.3.jar:?]
	at org.elasticsearch.common.util.concurrent.ThreadContext$ContextPreservingAbstractRunnable.doRun(ThreadContext.java:769) ~[elasticsearch-8.4.3.jar:?]
	at org.elasticsearch.common.util.concurrent.AbstractRunnable.run(AbstractRunnable.java:26) ~[elasticsearch-8.4.3.jar:?]
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136) ~[?:?]
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) ~[?:?]
	at java.lang.Thread.run(Thread.java:833) ~[?:?]
[2022-11-01T07:35:58,346][INFO ][o.e.c.r.a.AllocationService] [ns3093629] current.health="GREEN" message="Cluster health status changed from [RED] to [GREEN] (reason: [shards started [[.security-7][0]]])." previous.health="RED" reason="shards started [[.security-7][0]]"
[2022-11-01T07:35:58,539][INFO ][o.e.i.g.DatabaseNodeService] [ns3093629] successfully loaded geoip database file [GeoLite2-Country.mmdb]
[2022-11-01T07:35:58,586][INFO ][o.e.i.g.DatabaseNodeService] [ns3093629] successfully loaded geoip database file [GeoLite2-ASN.mmdb]
[2022-11-01T07:35:59,487][INFO ][o.e.i.g.DatabaseNodeService] [ns3093629] successfully loaded geoip database file [GeoLite2-City.mmdb]
6

This is saying that Elasticsearch is listening on a public IP, it's not something we recommend. Please be very careful of this and make sure you have Security enabled at a bare minimum.

However I can't curl that IP, so there seems to be something else stopping connections.

7

Yes, we know, it's just time to do some testing, we want to migrate search from Percona to Elasticsearch.

I don't see what can block, it's an installation on a clean server with Ubuntu 20.04.5 TLS 8c/16t 32Gb, there's just Elasticsearch that was installed on it.

8

And where it is running? Did you check if the access from public internet to your server is allowed in any firewall device, not just the firewall software in the server, but any firewall device in your network?

Your configuration is correct, if you still cannot access from the public internet then you have a network issue that you need to check. You probably have a firewall device in your network.

You need to enable security before, do not put your cluster available to the public internet without security, if you do your data will be acessible to everyone and it will be just a matter of time before someone copy your data or delete everything in your cluster.

9

Hi,

I'm on the move and I use the internet which uses a firewall which blocks certain IP addresses.

I realized it this afternoon. 3 days of galleys for that LOL

Thank you guys for your help, I'm glad it's that and not something else because I started to lose hope :wink:

10

Do not forget to enable security, if you expose your elasticsearch to the public internet without security enable it just a matter of time until someone finds your instance and access or delete your data.

11

Yes, it's just a test server that will be disabled later.
Thank you.

12

You say "just", but one of the largest telco's in australia just had a major data leak due to them exposing an unsecured test service to the internet that someone had loaded with actual customer data.

2 Likes
13

We do the tests with automatically generated data.
Thanks for letting us know.

14

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.