Failed to start Elasticsearch [7.16.3] [Ubuntu 20.04]

Hello there,
I have installed Elasticsearch trough the apt on my vps ubuntu 20.04, i just followed the installation guide from here : Install Elasticsearch with Debian Package | Elasticsearch Guide [7.17] | Elastic
I checked all was running with "curl myip:9200", it returned that all was working fine...
But a few time later, my service wouldn't start normally... i tried to do so many things by searching a solution on the web...
It's the first time i use Elasticsearch but i need it to install magento 2 so i hope someone can help me pls !
There is my error i got on the status :

image1421×307 17.8 KB

image799×402 13.6 KB

image1911×964 102 KB

image1917×997 103 KB

image1574×1001 42.4 KB

image1600×459 19.4 KB

image746×989 21.6 KB

image980×879 27.8 KB

image808×994 23.1 KB

image1063×797 26.8 KB

image809×136 5 KB

Welcome to our community!

Please don't post pictures of text, logs or code. They are difficult to read, impossible to search and replicate (if it's code), and some people may not be even able to see them

Your problem is "can't bind to your ip address".

I binded the ip adress of my vps in my elasticsearch.yml, i just hid it

@Arkoos62 Welcome to the community!
What @rugenl is saying is the error in that last screen shot (and please do not use screen shots) Indicates a bind error... like the address is already take or can not bind

Screen Shot 2022-02-01 at 2.23.41 PM1646×218 99.5 KB

Thanks mate
Sorry for the screen i didn't know...
I understand where the problem is coming from but i ​don't understand what am i supposed to bind in my config file
my vps is hosted by micisoft azure and they gave me a public ip adress and in the config file i binded this adress at "network.host"
but it failed to start with this config...
but when i bind my localhost adress it's working so i'm lost pls explain me
thanks for all mates

Well I am not an expert on azure but in GCP you bind to the internal NIC / Address .. that Internal Address is then in turn bound to the external address by GCP networking... then I can access Elasticsearch via the external address.

example in my GCP console, I this

10.168.0.81 (nic0), 35.2XX.5X.1XX (external)

and I bind to 10.168.0.81 or when I run
ifconfig

ens4: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1460
        inet 10.168.0.81  netmask 255.255.255.255  broadcast 0.0.0.0
        inet6 fe80::4001:aff:fea8:51  prefixlen 64  scopeid 0x20<link>

and I can bind to _ens4_ the network interface name ... see Here

I suspect Azure works similar

Did you try to access it from the external address? This is most likely more an Azure thing than an Elasticsearch thing.

Also incase anyone else has not said it ... do not bind your Elasticsearch / Kibana to and external IP unless you have enabled security (Auth / Auth and SSL)

well, i'm not an expert of network but i think azure is similar yes, when i run ifconfig i have the same adress on inet line as my private adress configured on azure panel
then i have a second paragraph always in ifconfig that show my localhost adress on inet line
sry mate but i was a bad student in networking course and i don't know what i have to bind so in my config (for me it's not "ens4" but "eth0")
i tried to bind my external adress in network.host and the service cannot start
can you explain your last sentence pls ?

Elasticsearch, and any other service, only can bind to IP address that are available on the host, which is not your case.

Normally on cloud provider when you get an external IP address, this IP address will be associated to your instance, but will not be available directly to the host, so, for the operating system this IP address does not exists.

What happens is that when the cloud provider receives a connection on the external IP address associated to your instance, it will redirect the connection to the private IP address of your instance and is on that private IP address that you should bind Elasticsearch or other services.

Try to change your network.host configuration to use your private IP address or _eth0_, both should have the same effect.

Also, as @stephenb already said, do not expose your Elasticsearch instance without having enabled the security features.

I always use 0.0.0.0 on my on-prem systems.

It seems to me that the bind address is a frequent cause of problems, what is the benefit of NOT binding to all available IP's by default?

And I think you leaked your IP address in the error messages anyway, even if you hid it in the config yml.

Ok mate i understood, thank you for your help i will try this
How do i configure the security features ?

Yes i tried it works but i didn't know if this could work proprely with this binding
If it works samely so i agree with you
i'm so dumb, is it serious ?

I have an other question...
when i run curl to check if Elasticsearch is working proprely, i can't run it with my external ip adress, is it normal ?
(it works when i run curl with my private adress which is binded in my config yml)

On your host, issue "ip addr", those are the addresses known to that OS. If you are curl'ing from there, it has to be one of those addresses.

yes but for example, an install of magento, is the elasticsearch service need to be accessible from any externals clients ?

You need to check it in the Magento documentation, but elasticsearch probably doesn't need to accessible to any external client, just for the Magento.

Also, if you can't access using your external IP Address, you should check your network configurations to see the access rules, this is a cloud/network issue, not an elasticsearch issue.

Ok thanks i will ask to a magento dev or it's mb write somewhere in the doc
I think i can but you alert me that it's maybe dangerous to bind it without the security features, i was asking what i have to do to secure my elasticsearch instance

You can start with this part of the documentation, it explains how to configure security.

If you have any issue while following the documentation, please open a new topic with your questions

Ok thank you.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.