Expose API to loopback address in a cluster


Has this been solved?

I wanted to implement the same thing but it doesn't seem to work. I wanted to expose the API to localhost only, but I want to use the real IP for clustering/discovery. The reason is that we do not have remote API calls; all ES API calls always originate from the same server. We do not want to expose the API outside of the server for security reasons.

I configured the nodes like:

network.publish_host: <>
network.bind_host: localhost

The problem is they all bind to localhost resulting in nodes not being able to see each other.

Best Regards,

You seem to be misunderstanding what these settings do.

The bind_host is where we bind and the publish host is what address we tell people we're bound to. That is, if you asked a node "what is your address", then it will tell you the publish_host, even if it didn't actually bind to that interface.

That means, for example, you can bind to an IP address, but publish it as a DNS name. Or you can bind to all interfaces, but explicitly state which address should be used when publishing.

Which, per the explanation above, is exactly what should happen.

What you're after is to have a different bind (and publish) address for the http port, versus the transport port.

For that, you want to set http.host (or http.bind_host and http.publish_host)
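
A check for the layout this answer describes (HTTP on loopback only, transport on the real IP), as an added example that is not part of the original thread. It audits a constructed nodes-info response; the JSON shape and field names are assumed from Elasticsearch's nodes info API, and `audit` and `host_of` are hypothetical helper names.

```python
import ipaddress
import json

# Constructed sample, shaped like the "http" and "transport" sections of an
# Elasticsearch nodes-info response (GET /_nodes/http,transport). Field names
# are assumed from that API; addresses are documentation-range placeholders.
SAMPLE = json.loads("""
{"nodes": {
  "n1": {"name": "es-1",
         "http": {"bound_address": ["127.0.0.1:9200", "[::1]:9200"], "publish_address": "127.0.0.1:9200"},
         "transport": {"bound_address": ["192.0.2.11:9300"], "publish_address": "192.0.2.11:9300"}},
  "n2": {"name": "es-2",
         "http": {"bound_address": ["[::]:9200"], "publish_address": "192.0.2.12:9200"},
         "transport": {"bound_address": ["192.0.2.12:9300"], "publish_address": "192.0.2.12:9300"}},
  "n3": {"name": "es-3",
         "http": {"bound_address": ["127.0.0.1:9200"], "publish_address": "127.0.0.1:9200"},
         "transport": {"bound_address": ["127.0.0.1:9300"], "publish_address": "127.0.0.1:9300"}}
}}
""")

def host_of(addr):
    """Return the IP from 'ip:port', '[ipv6]:port' or 'hostname/ip:port'."""
    host = addr.rsplit(":", 1)[0].split("/")[-1].strip("[]")
    return ipaddress.ip_address(host)

def audit(nodes_info):
    """Return {node_name: [findings]} for nodes that miss the intended layout."""
    report = {}
    for node in nodes_info["nodes"].values():
        findings = []
        # Security goal from the thread: the HTTP API listens on loopback only.
        for addr in node["http"]["bound_address"]:
            if not host_of(addr).is_loopback:
                findings.append(f"http bound to non-loopback {addr}")
        # Clustering requirement: peers must be able to reach the transport address.
        if host_of(node["transport"]["publish_address"]).is_loopback:
            findings.append("transport published on loopback; peers cannot connect")
        if findings:
            report[node["name"]] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        for finding in findings:
            print(f"{name}: {finding}")
```

In the sample, es-3 reproduces the situation from the question (everything bound to localhost), while es-2 shows the opposite failure, where the HTTP API is reachable from outside the server.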
