How to access Elasticsearch Cluster in VPN with Spring Boot


#1

I have an Elasticsearch cluster in a VPN.

How can my Spring Boot application access the cluster securely if it is located on a separate server outside of the VPN and how can I configure it in the Spring boot configuration (application.yml/application.properties)?

I also want the application to connect to the cluster i an way so that if i have e.g. 2 Master eligible nodes and one fails, the connection remains intact.

I also posted this question on Stackoverflow.com


(Kanagat) #2

hi @BinaryIsPrimary , how do you connect to elasticsearch form your application?
via transport port or via the rest?
what version of elasticsearch?


(Kanagat) #3

you should use RestClient, so when you update your elasticsearch version it isn't necessary to update your client
look here,

https://www.elastic.co/guide/en/elasticsearch/client/java-rest/current/java-rest-high-getting-started-initialization.html

i use something like this:

@Configuration
public class ElasticsearchConfig {

@Autowired
private GlobalProperties globalProperties;

@Bean
public RestHighLevelClient esClient() throws Exception {
ElasticsearchRestClientFactoryBean factory = new ElasticsearchRestClientFactoryBean();
factory.setEsNodes(new String[]{globalProperties.getHost()});

Properties props = new Properties();
// props.setProperty("xpack.security.user", "elastic:changeme");
factory.setProperties(props);
// End: If you are running with x-pack

factory.afterPropertiesSet();
return factory.getObject();
}
}

and you should implement destroy method of your bean.

and in services:

@Autowired
private RestHighLevelClient restClient;
...
restClient.index(new IndexRequest("index name","type").source("message body"));
..


#4

Hi nugusbayevkk,

I am using ES 6.4.2 and spring-boot-starter-data-elasticsearch 2.1.0.RC1 to connect to my cluster.

At the moment, my application is located on the master node server and connects via application.properties with the following settings:

spring.data.elasticsearch.cluster-name={cluster name}
spring.data.elasticsearch.cluster-nodes=localhost:9300

My repositories are extending the ElasticsearchRepository class. This works like a charm as long as my application is located on a server which runs an elasticsearch node.

But ideally, what I want to achieve is locating my application on a separated server and somehow accessing my elasticsearch cluster (running in my mesh vpn) in a safe manner.


(Kanagat) #5

ok,

took 3 master node for example:
server1 - 192.168.10.1 (master1+data1)
server2 - 192.168.10.2 (master2+data2)
server3 - 192.168.10.3 (master3)

on every server you should set

network.bind_host - ["server_ip", "localhost"]
network.publish_host - "server_ip"
discovery.zen.ping.unicast.hosts : ["servers:transport_port", ...]

next, your application placed on server-app, for example.
in your configuration you should set all servers.

you or your administrators should write rules in firewall(iptables) that allow connect from server-app to your servers where working elasticsearch.
or you should use x-pack with security opportunity with enabling tls.


(system) #6

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.