How to access Elasticsearch Cluster in VPN with Spring Boot

I have an Elasticsearch cluster in a VPN.

How can my Spring Boot application access the cluster securely if it is located on a separate server outside of the VPN, and how can I configure it in the Spring Boot configuration (application.yml/application.properties)?

I also want the application to connect to the cluster in such a way that if I have e.g. 2 master-eligible nodes and one fails, the connection remains intact.

I also posted this question on Stackoverflow.com

Hi @BinaryIsPrimary, how do you connect to Elasticsearch from your application?
Via the transport port or via REST?
What version of Elasticsearch?

You should use RestClient, so that when you update your Elasticsearch version it isn't necessary to update your client.
Look here,

I use something like this:

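    import java.util.Properties;

    import org.elasticsearch.client.RestHighLevelClient;
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    // ElasticsearchRestClientFactoryBean and GlobalProperties are not shown in the post;
    // import them from wherever they are defined in your project.

    @Configuration
    public class ElasticsearchConfig {

        // Holds the Elasticsearch host read from the application's configuration
        @Autowired
        private GlobalProperties globalProperties;

        @Bean
        public RestHighLevelClient esClient() throws Exception {
            ElasticsearchRestClientFactoryBean factory = new ElasticsearchRestClientFactoryBean();
            // The node address(es) are passed as a String array
            factory.setEsNodes(new String[]{globalProperties.getHost()});

            Properties props = new Properties();
            // props.setProperty("xpack.security.user", "elastic:changeme");
            factory.setProperties(props);
            // End: If you are running with x-pack

            // Build the client and hand it to Spring
            factory.afterPropertiesSet();
            return factory.getObject();
        }
    }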

And you should implement the destroy method of your bean.

And in services:

@Autowired
private RestHighLevelClient restClient;
...
restClient.index(new IndexRequest("index name","type").source("message body"));
..

Hi nugusbayevkk,

I am using ES 6.4.2 and spring-boot-starter-data-elasticsearch 2.1.0.RC1 to connect to my cluster.

At the moment, my application is located on the master node server and connects via application.properties with the following settings:

spring.data.elasticsearch.cluster-name={cluster name}
spring.data.elasticsearch.cluster-nodes=localhost:9300

My repositories are extending the ElasticsearchRepository class. This works like a charm as long as my application is located on a server which runs an elasticsearch node.

But ideally, what I want to achieve is locating my application on a separated server and somehow accessing my elasticsearch cluster (running in my mesh vpn) in a safe manner.

OK,

take 3 master nodes, for example:
server1 - 192.168.10.1 (master1+data1)
server2 - 192.168.10.2 (master2+data2)
server3 - 192.168.10.3 (master3)

On every server you should set:

network.bind_host: ["server_ip", "localhost"]
network.publish_host: "server_ip"
discovery.zen.ping.unicast.hosts: ["servers:transport_port", ...]

Next, your application is placed on server-app, for example.
In your configuration you should set all servers.

You or your administrators should write firewall (iptables) rules that allow connections from server-app to the servers where Elasticsearch is running,
or you should use X-Pack with its security features and TLS enabled.

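Added example, not part of the original thread and not code from any of the posters: a Spring configuration that lists every node's REST endpoint, as the last reply suggests, so the client can fail over when one node is down, and that connects over TLS with basic authentication. The class name, the `es.*` property names, the REST port 9200 and the trust store are assumptions; the node addresses are the ones used in the reply above.

```java
import java.io.File;
import java.util.Arrays;
import javax.net.ssl.SSLContext;
import org.apache.http.HttpHost;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.CredentialsProvider;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.ssl.SSLContexts;
import org.elasticsearch.client.RestClient;
import org.elasticsearch.client.RestHighLevelClient;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class SecureEsClientConfig {
    // Hypothetical property names; keep the secrets in the environment, not in source control.
    // es.hosts example: 192.168.10.1:9200,192.168.10.2:9200,192.168.10.3:9200
    @Value("${es.hosts}") private String[] hosts;
    @Value("${es.username}") private String username;
    @Value("${es.password}") private String password;
    @Value("${es.truststore.path}") private String trustStorePath;
    @Value("${es.truststore.password}") private String trustStorePassword;

    @Bean(destroyMethod = "close") // releases the HTTP connections when the context shuts down
    public RestHighLevelClient secureEsClient() throws Exception {
        // One HTTPS endpoint per node: the client rotates across them and skips a node that stops answering.
        HttpHost[] nodes = Arrays.stream(hosts)
                .map(String::trim)
                .map(h -> new HttpHost(h.substring(0, h.lastIndexOf(':')),
                        Integer.parseInt(h.substring(h.lastIndexOf(':') + 1)), "https"))
                .toArray(HttpHost[]::new);

        // Trust only the CA that signed the cluster's certificates; hostname verification stays on.
        SSLContext sslContext = SSLContexts.custom()
                .loadTrustMaterial(new File(trustStorePath), trustStorePassword.toCharArray())
                .build();

        CredentialsProvider credentials = new BasicCredentialsProvider();
        credentials.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials(username, password));

        return new RestHighLevelClient(RestClient.builder(nodes)
                .setHttpClientConfigCallback(http -> http
                        .setSSLContext(sslContext)
                        .setDefaultCredentialsProvider(credentials)));
    }
}
```

This client talks to the HTTP layer, so the firewall rule from server-app only needs to allow the REST port on each node, and the cluster must have TLS enabled on that layer for the `https` scheme to work.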