How to access Elasticsearch Cluster in VPN with Spring Boot


I have an Elasticsearch cluster in a VPN.

How can my Spring Boot application access the cluster securely if it is located on a separate server outside of the VPN and how can I configure it in the Spring boot configuration (application.yml/

I also want the application to connect to the cluster i an way so that if i have e.g. 2 Master eligible nodes and one fails, the connection remains intact.

I also posted this question on

(Kanagat) #2

hi @BinaryIsPrimary , how do you connect to elasticsearch form your application?
via transport port or via the rest?
what version of elasticsearch?

(Kanagat) #3

you should use RestClient, so when you update your elasticsearch version it isn't necessary to update your client
look here,

i use something like this:

public class ElasticsearchConfig {

private GlobalProperties globalProperties;

public RestHighLevelClient esClient() throws Exception {
ElasticsearchRestClientFactoryBean factory = new ElasticsearchRestClientFactoryBean();
factory.setEsNodes(new String[]{globalProperties.getHost()});

Properties props = new Properties();
// props.setProperty("", "elastic:changeme");
// End: If you are running with x-pack

return factory.getObject();

and you should implement destroy method of your bean.

and in services:

private RestHighLevelClient restClient;
restClient.index(new IndexRequest("index name","type").source("message body"));


Hi nugusbayevkk,

I am using ES 6.4.2 and spring-boot-starter-data-elasticsearch 2.1.0.RC1 to connect to my cluster.

At the moment, my application is located on the master node server and connects via with the following settings:{cluster name}

My repositories are extending the ElasticsearchRepository class. This works like a charm as long as my application is located on a server which runs an elasticsearch node.

But ideally, what I want to achieve is locating my application on a separated server and somehow accessing my elasticsearch cluster (running in my mesh vpn) in a safe manner.

(Kanagat) #5


took 3 master node for example:
server1 - (master1+data1)
server2 - (master2+data2)
server3 - (master3)

on every server you should set

network.bind_host - ["server_ip", "localhost"]
network.publish_host - "server_ip" : ["servers:transport_port", ...]

next, your application placed on server-app, for example.
in your configuration you should set all servers.

you or your administrators should write rules in firewall(iptables) that allow connect from server-app to your servers where working elasticsearch.
or you should use x-pack with security opportunity with enabling tls.

(system) #6

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.