Cannot connect to Elasticsearch EC2 port 9200 using public ip - elasticsearch

I'm having problems trying to connect to Elasticsearch (ES) on an EC2 instance from my local linux box via the EC2 instance public ip i.e. curl [PUBLIC_IP]:9200
I followed the steps in this guide: https://github.com/miztiik/elk-stack/tree/master/ElasticSearch.
My ES version is 6.8.9
Here's what's working and what's not:
On ES EC2 instance: curl localhost:9200 works
On another instance with same VPC: curl [PUBLIC_IP]:9200 works
On my local linux box: curl [PUBLIC_IP]:9200 doesn't work, however telnet [PUBLIC_IP] 9200 works i.e. it connects and gives me the escape character '^]'
My /etc/elasticsearch/elasticsearch.yml config has the following:
http.enabled: true
http.port: 9200
network.host: 0.0.0.0
http.cors.allow-origin: "*"
http.cors.enabled: true
There is only one (new) security group attached to the EC2 instance, which has the following inbound rules:
I also confirmed that the EC2 instance is in a public subnet i.e. connected to an internet gateway.
Thanks for any help.
Update
I also installed Apache httpd on the instance and rechecked everything. Here is the current state of things:
I can ping, telnet and connect to the web server (:80) from the outside.
I cannot connect to Elasticsearch (:9200) or Kibana (:5601) from the outside. All these I can however do within the VPC from another instance.

This sounds firewall related.
Check on the ECE2 security group and either modify the default Sec group or create new one and associate it with your instance.
For a test, modify your inbound as for your port as:
0.0.0.0/0 IPv4
And set network host as follows
network.host: _ec2 # if using the plugin
Otherwise
network.host: "{elastic_ip}”
If your ece2 instance doesn’t have public dns, you will have to edit your/etc/hosts file and add the IP address of your instance
network.bind_host
This specifies which network interface(s) a node should bind to in order to listen for incoming requests. A node can bind to multiple interfaces, e.g. two network cards, or a site-local address and a local address. Defaults to network.host.
network.publish_host
The publish host is the single interface that the node advertises to other nodes in the cluster, so that those nodes can connect to it. Currently an Elasticsearch node may be bound to multiple
https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-network.html
https://discuss.elastic.co/t/elasticsearch-only-accessible-from-localhost/65782/3
https://www.elastic.co/blog/running-elasticsearch-on-aws
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/working-with-security-groups.html#describing-security-group
How do I enable remote access/request in Elasticsearch 2.0?

I had the same issue on AWS. Try using the public DNS or the private IP in lieu of the public IP to connect another ec2 instance in the same VPC.

Related

How do I connect to an elastic search server from a remote computer?

Every guide or post about this topic says to just set network.host: 0 in the elasticsearch.yml file. However I tried that, along with applying other troubleshooting methods, and nothing seems to work. I'm starting to think maybe the configuration is right, but I am not connecting to it the right way?
This is what my yml file looks like,
discovery.seed_hosts: []
network.publish_host: xx.xxx.xxx.51
network.host: 0.0.0.0
The elastic search server is hosted on an Azure virtual machine. Then when I try to connect to it via curl on my local machine I get a Failed to Connect, Timeout Error.
curl http://xx.xxx.xxx.51:9200
The issue was with the network settings which was blocking all the incoming traffic and once incoming traffic on port 9200, default port of Elasticsearch allowed, the issue got resolved.
Just for the reference, you just need to have network.host: 0.0.0.0 config to make sure Elasticsearch isn't using the loopback address and this by default kicks in the production checks which can be avoided in case you are just running a single node discovery.type:single-node, this helps to troubleshoot such issues.

How can i connect to my elasticsearch cluster from another machine?

I want to connect my elasticsearch cluster from another machine i went through some documentation where they had mentioned that i had change the network.bind_host : 0 .But i didn't find the network.bind_host in my elasticsearch.yml . I got only network.host in my elasticsearch.yml file.Even i tried it by giving as
network.host :0 but i cant able to connect from another machine. And i also tried removing ## before network.host :0 which throws an error when starting elasticsearch cluster.
When i am connecting from another machine i have to give http://clustermachingip:9200 right?
Can anyone please help on this problem?
Thanks..
When you want to connect to an elasticsearch instance of an another machine, yes the address is http://clustermachingip:9200. Can you try setting network.bind_host: clustermachingip
If this doesn't work then you might want to check the connectivity to the machine you are trying to connect to using something like a ping command.
ping clustermachingip
EDIT:
You can just start elasticsearch in one machine and try one of the following curl commands from the other machine.
curl 'clustermachingip:9200/_cat/nodes?v'
curl 'clustermachingip:9200/_cat/health?v'
EDIT2: Clearing out confusion between network.host, network.bind_host
https://www.elastic.co/guide/en/elasticsearch/reference/2.4/modules-network.html#advanced-network-settings
The network.host setting explained in Commonly used network settings
is a shortcut which sets the bind host and the publish host at the
same time. In advanced used cases, such as when running behind a proxy
server, you may need to set these settings to different values:
network.bind_host
This specifies which network interface(s) a node should bind to in order to listen for incoming requests. A node can bind to multiple
interfaces, e.g. two network cards, or a site-local address and a
local address. Defaults to network.host. network.publish_host
The publish host is the single interface that the node advertises to other nodes in the cluster, so that those nodes can connect to it.
Currently an elasticsearch node may be bound to multiple addresses,
but only publishes one. If not specified, this defaults to the “best”
address from network.host, sorted by IPv4/IPv6 stack preference, then
by reachability.
Set your network.host in elasticsearch.yml to 0.0.0.0 i.e. it will listen on all available bound addresses.
network.host: 0.0.0.0
Check your connectivity to the host machine on the port (in case you haven't changed the port it will be 9200).
In case you are not able to connect to the host machine still, I will suggest checking your iptables and allow connections to port 9200.

Difference in telnet of amazon ec2 instance using internal and public IP

I have a 4 node hadoop cluster on ec2. We have configured Hortonworks Hadoop (HDP version 2.4) through Ambari.
I have opened all traffic for our all four instances internally and the office external IP.
Whenever I do telnet within the cluster using internal IP:
telnet <internal_ip> 2181
It is able to connect to the specific port I have my service(zookeeper) running on.
When I use public IP of the same instance(Elastic IP) instead of internal IP, I am not able to telnet either within the cluster or from my office IP:
telnet <elastic_ip> 2181
I have already configured security group to allow all traffic. I am using Ubuntu 14.04. We are not using any other firewall except AWS security group.
Please suggest how can I connect using Elastic IP/Public IP of my instance on this port.
Please find the screenshot of Security Group of EC2:
Do you use the default VPC ?
If not, check if the VPC has an Internet Gateway, the Route table (you need a route to the Internet Gateway) and the Networks ACLs.
The Route table and Network ACLs are applied to a subnet.
The default VPC is configured to allow outside traffic, not a new VPC.
Or, the Elastic IP is linked to the same network interface ? The Elastic IP is linked to a network interface of an instance.
EDIT: you can take a look on AWS doc for a better explanation:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/TroubleshootingInstancesConnecting.html

Elasticsearch on EC2

I've spent some time now looking for information regarding elasticsearch.yml configurations that make my single instance Elasticsearch (on Windows 2012 Server EC2) accessible via public ip, but everytime I uncomment one or both of following settings the only thing that changes is, calling the private ip as well results in an error.
network.publish_host: <public ip>
network.bind_host: <private ip>
Is this correct and are there any other settings that have to be defined? Shouldn't it run with the default values?
This is more of a general answer as to how networking works within EC2 instead of a specific answer to your question. But it should help inform how to configure your application.
EC2 has 1:1 NAT between a public and private IP address. Because of this, only the private IP address is visible to the instance directly.
If you are binding a service to a network interface, it would be the one with the private IP.
Some services do require knowledge of the external IP address in order to function properly. The only one I have run into is FTP in a passive configuration, likely due to the fact that it needs to open a separate socket for data transfer.
In the case of elastic search, it appears that they have a special plugin that will help configure elastic search for the aws environment: http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/modules-network.html
I had the same problem.
Installed only one instance of ES on aws EC2 and wanted to grant it public access.
On ubuntu 16.04 this is what works for me:
in /etc/elasticsearch/elasticsearch.yml add this line:
network.host: <ec2 instance private ip>
The private ip should be something like 172.x.x.x
Also do not forget allow access in security group in your aws console for port 9200 (default) and ip address from which you will be sending requests.
So difference was setting not public but private ip address from aws console..
Also note that this can be dangerous as there is not any user/password or other access control

Access EC2 port 9200 from external service

I'm struggling to get EC2 and ElasticSearch up and running. Specifically I'm trying to reach my node from outside Amazon's cloud for verification purposes. I've set up the security group so that I have a "Custom TCP" rule on port 9200 and ElasticSearch is listening on that port, which I can see with netstat -l. When I curl -XGET https://localhost:9200 I get the response expected from ElasticSearch. When I curl -XGET https://publicIP:9200 from WITHIN Amazon (ie. another node that I have running) I get the response expected from ElasticSearch. When I try to do the same request from my desktop I get "no response". I can not, for the life of me, figure out why this is happening.
There are several things to check:
Accessing the public URL of an instance from inside the amazon cloud will map to its private IP. In you test above, where you specify publicIP, did you use the public IP or public domain name? Make sure to test with the IP, not the domain name.
If access to the public IP works from the same machine, try the same thing from another EC2 instance.
Finally, you may have a firewall rule on your desktop, or your work network, preventing outgoing access on port 9200.
If you are running Elasticsearch as a service, then go to /etc/elasticsearch/elasticsearch.yml and make the
network.host: "0.0.0.0"
This solution worked for me.

Resources