Limiting REST API commands to localhost with 2 node cluster

Hello, in the interest of security I had read that it was best to limit
being able to query elasticsearch directly to localhost, and only allow
users to search elasticsearch using Kibana. This has worked fine by
setting the network.bind_host to localhost, but when I go to add another
node to the cluster I get connection refused errors? Does anybody know
what I am doing wrong?

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/ee71a5f2-35dd-4d03-9495-0ed7a7db2afd%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

See
https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-network.html

The bind_host setting controls what network interface Elasticsearch listens
on, which is useful if you have multiple NICs. publish_host setting
controls what IP address Elasticsearch uses to talk to other nodes in the
cluster.

If you want to only query via localhost then set bind_host to loopback and
publish_host to the other interface (eg eth0).

On 10 March 2015 at 12:01, Scott sunglee2@gmail.com wrote:

Hello, in the interest of security I had read that it was best to limit
being able to query elasticsearch directly to localhost, and only allow
users to search elasticsearch using Kibana. This has worked fine by
setting the network.bind_host to localhost, but when I go to add another
node to the cluster I get connection refused errors? Does anybody know
what I am doing wrong?

--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/ee71a5f2-35dd-4d03-9495-0ed7a7db2afd%40googlegroups.com
https://groups.google.com/d/msgid/elasticsearch/ee71a5f2-35dd-4d03-9495-0ed7a7db2afd%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/CAEYi1X9U%2BMZagzzZCbAP66onfJePGGH2r3_0i2%2BgADFrJ8tTxA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Thanks Mark, that was my understanding as well. However, when I do that,
the second node can't join the cluster. It will only work when I set the
bind_host to 0.0.0.0. Setting it to 127.0.0.1 does indeed limit the
queries to localhost, but then when I try and add a second node to the
cluster ES just spits out connection refused errors. I thought the
publish_host was the interface that ES uses to communicate with other nodes?

On Tuesday, March 10, 2015 at 8:55:12 PM UTC-4, Mark Walkom wrote:

See
https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-network.html

The bind_host setting controls what network interface Elasticsearch
listens on, which is useful if you have multiple NICs. publish_host setting
controls what IP address Elasticsearch uses to talk to other nodes in the
cluster.

If you want to only query via localhost then set bind_host to loopback and
publish_host to the other interface (eg eth0).

On 10 March 2015 at 12:01, Scott <sung...@gmail.com <javascript:>> wrote:

Hello, in the interest of security I had read that it was best to limit
being able to query elasticsearch directly to localhost, and only allow
users to search elasticsearch using Kibana. This has worked fine by
setting the network.bind_host to localhost, but when I go to add another
node to the cluster I get connection refused errors? Does anybody know
what I am doing wrong?

--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to elasticsearc...@googlegroups.com <javascript:>.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/ee71a5f2-35dd-4d03-9495-0ed7a7db2afd%40googlegroups.com
https://groups.google.com/d/msgid/elasticsearch/ee71a5f2-35dd-4d03-9495-0ed7a7db2afd%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/88311c12-3b5a-498a-b219-e514bb73171d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.