Is changing network.host necessary for cluster?


(tomer zaks) #1

I saw in some guide (not ES official) that I should do something like this: network.host: [tun0, local]. Is this necessary?

Here is the section from that guide that says this:

Bind to VPN IP Address or Interface

You will want to restrict outside access to your Elasticsearch instance, so outsiders can't access your data or shut down your Elasticsearch cluster through the HTTP API. In other words, you must configure Elasticsearch such that it only allows access to servers on your private network (VPN). To do this, we need to configure each node to bind to the VPN IP address, vpn_ip, or interface, "tun0".

Find the line that specifies network.host, uncomment it, and replace its value with the respective server's VPN IP address (e.g. 10.0.0.1 for node01) or interface name. Because our VPN interface is named "tun0" on all of our servers, we can configure all of our servers with the same line:

elasticsearch.yml — network.host

network.host: [tun0, local]

Note the addition of "local", which configures Elasticsearch to also listen on all loopback devices. This will allow you to use the Elasticsearch HTTP API locally, from each server, by sending requests to localhost. If you do not include this, Elasticsearch will only respond to requests to the VPN IP address.

Here is the link:


(Mark Walkom) #2

Yes, otherwise the nodes will only listen on localhost and not form a cluster.


(tomer zaks) #3

Thanks for the answer!

Just to make sure. I am not sure that I understand what [tun0,local] is.

Does it mean:
If one host is 10.0.0.1 and a second one is 10.0.0.2 and my machine is localhost,
then the network.host should look like this:

network.host: [10.0.0.1, 10.0.0.2 , localhost ]?


(Mark Walkom) #4

See https://www.elastic.co/guide/en/elasticsearch/reference/5.3/modules-network.html#network-interface-values
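
An added example, not part of the thread or the quoted guide: a small Python audit that reads network.host from elasticsearch.yml text and labels each bind value, using the special values listed in the reference linked above (_local_, _site_, _global_, _[networkInterface]_). The function names, labels and sample config are assumptions made for illustration.

```python
import ipaddress
import re

# Special values from the Elasticsearch network module reference.
SPECIAL = {"_local_": "loopback", "_site_": "private", "_global_": "public"}

def parse_network_host(yml_text):
    """Return network.host values (single value or inline list) from elasticsearch.yml text."""
    for line in yml_text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and commented-out settings
        m = re.match(r"network\.host\s*:\s*(.+)$", line)
        if m:
            raw = m.group(1).strip().strip("[]")
            return [v.strip().strip("\"'") for v in raw.split(",") if v.strip()]
    return []  # setting absent

def classify(value):
    """Label one network.host value by how widely it exposes the node."""
    if value in SPECIAL:
        return SPECIAL[value]
    m = re.fullmatch(r"_(.+)_", value)
    if m:  # _[networkInterface]_, e.g. _tun0_ or _en0:ipv4_
        return "interface:" + m.group(1)
    try:
        ip = ipaddress.ip_address(value)
    except ValueError:
        return "hostname"  # not a special value or IP literal; depends on name resolution
    if ip.is_unspecified:
        return "all-interfaces"  # 0.0.0.0 or ::
    if ip.is_loopback:
        return "loopback"
    return "private" if ip.is_private else "public"

def audit(yml_text):
    """Return (value, label) pairs plus the values that need review."""
    pairs = [(v, classify(v)) for v in parse_network_host(yml_text)]
    review = [v for v, label in pairs if label in ("public", "all-interfaces", "hostname")]
    return pairs, review

# Constructed sample for illustration; not taken from the guide or the thread.
SAMPLE = """\
cluster.name: demo
#network.host: 192.168.0.1
network.host: [_tun0_, _local_, 10.0.0.1, 0.0.0.0]
"""

if __name__ == "__main__":
    pairs, review = audit(SAMPLE)
    for value, label in pairs:
        print(f"{value:10} {label}")
    print("review:", review)
```

Each node's network.host lists only that node's own bind addresses; a 0.0.0.0 entry binds every interface, which undoes the VPN-only restriction the guide describes.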


(tomer zaks) #5

Hi, thanks!

At the top of the manual it really does say I can put IP addresses and also keywords.

