Is changing necessary for cluster?

(tomer zaks) #1

I saw in some guide (not ES official) that I should do something like this: [tun0, local], is this necessary?

Here is the Section from that guide that writes this:

Bind to VPN IP Address or Interface

You will want to restrict outside access to your Elasticsearch instance, so outsiders can't access your data or shut down your Elasticsearch cluster through the HTTP API. In other words, you must configure Elasticsearch such that it only allows access to servers on your private network (VPN). To do this, we need to configure each node to bind to the VPN IP address, vpn_ip, or interface, "tun0".

Find the line that specifies, uncomment it, and replace its value with the respective server's VPN IP address (e.g. for node01) or interface name. Because our VPN interface is named "tun0" on all of our servers, we can configure all of our servers with the same line:

elasticsearch.yml — [tun0, local]
Note the addition of "local", which configures Elasticsearch to also listen on all loopback devices. This will allow you to use the Elasticsearch HTTP API locally, from each server, by sending requests to localhost. If you do not include this, Elasticsearch will only respond to requests to the VPN IP address.

Here is the link:

(Mark Walkom) #2

Yes, otherwise the nodes will only listen on localhost and not form a cluster.

(tomer zaks) #3

Thanks on the answer!

Just to make sure. I am not sure that I understand what [tun0,local] is.

does it mean:
If one host is and a second one is and my machine is localhost,
then the should look like this: [, , localhost ]?

(Mark Walkom) #4


(tomer zaks) #5

Hi thanks!

On the top of the manual it does really say I can put ip address and also key words.

(system) #6

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.