I wanted to implement the same thing but it doesn't seem to work. I wanted to expose the API to localhost only, but i want to the use the real IP for clustering/discovery. The reason is that we do not have remote API calls, all ES API calls always originate from the same server. We do not want to expose the API outside of the server for security reasons.
You seem to be misunderstanding what these settings do.
The bind_host is where we bind and the publish host is what address we tell people we're bound to. That is, if you asked a node "what is your address", then it will tell you the publish_host, even if it didn't actually bind to that interface.
That means, for example, you can bind to an IP address, but publish it as a DNS name. Or you can bind to all interfaces, but explicitly state which address should be used when publishing.
Which, per the explanation above is exactly what should happen.
What you're after is to have a different bind (and publish) address for the http port, versus the transport port.
For that, you want to set http.host (or http.bind_host and http.publish_host)
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.