
Installed Elasticsearch on server but cannot connect to it from another machine

Context

I have just started using Elasticsearch and installed it on a server. I can curl and telnet to port 9200 on the local machine (the server), but cannot connect to it from another machine.

I disabled the firewall on both the server and the client, as solutions I found on the internet suggested, and also tried the suggestions at the link below, but couldn't get it working.

https://discuss.elastic.co/t/accessing-port-9200-remotely/21840

Question

Can someone help me get this working? Thanks in advance.

Sserunjogi Richard Nelson asked Dec 24 '15 08:12


4 Answers

I had the same issue and this worked for me:

  1. In /etc/elasticsearch/elasticsearch.yml:

    • Remove network.host (I believe this should only be used if you are accessing locally)
    • http.host: 192.168.1.50 (IP of the server)
    • http.port: 9200

  2. In /etc/kibana/kibana.yml:

    • server.host: "192.168.1.50"
    • elasticsearch.hosts: ["http://192.168.1.50:9200"]

  3. In your nginx file /etc/nginx/sites-available/yoursite.com:

server {
    listen 80;

    server_name 192.168.1.50;

    auth_basic "Restricted Access";
    auth_basic_user_file /etc/nginx/htpasswd.users;

    location / {
        proxy_pass http://192.168.1.50:5601;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}
  4. Then restart all services and WAIT for a few minutes - I wasn't patient enough the first few attempts and wondered why it kept failing:

systemctl restart elasticsearch
systemctl restart kibana
systemctl restart nginx

  5. After waiting for a few minutes, check that the ports are now on the correct IPs.

netstat -nltp

It should now look something like: 192.168.1.50:5061 192.168.1.50:9200

  6. Test by trying to telnet from the remote machine by doing

telnet 192.168.1.50 9200

  7. Now you are all set to access remotely or set up auditbeat etc.
sskid answered Oct 11 '22 16:10


Let's recreate your scenario. I started a freshly installed Elasticsearch on my machine. Now I am able to run curl against port 9200:

[root@kali ~]# hostname -i
192.168.109.128

[root@kali ~]# curl http://localhost:9200

{
  "status" : 200,
  "name" : "Kali Node",
  "cluster_name" : "kali",
  "version" : {
    "number" : "1.7.1",
    "build_hash" : "b88f43fc40b0bcd7f173a1f9ee2e97816de80b19",
    "build_timestamp" : "2015-07-29T09:54:16Z",
    "build_snapshot" : false,
    "lucene_version" : "4.10.4"
  },
  "tagline" : "You Know, for Search"
}

Check the listening TCP ports that the java service has opened on your server:

[root@kali ~]# netstat -ntlp | awk '/[j]ava/'
tcp6       0      0 127.0.0.1:9200          :::*                    LISTEN      3422/java
tcp6       0      0 127.0.0.1:9300          :::*                    LISTEN      3422/java

You can see Elasticsearch is listening on 127.0.0.1, so it is obvious that you can't access port 9200 from the network. Let's verify it using wget from a remote server.

$ wget.exe 192.168.109.128:9200

--2015-12-25 13:30:18--  http://192.168.109.128:9200/
Connecting to 192.168.109.128:9200... failed: Connection refused.

Let's change the Elasticsearch configuration to fix the issue using the command below:

[root@kali ~]# sed -i '/^network.bind_host:/s/network.bind_host: .*/network.bind_host: 0.0.0.0/' /etc/elasticsearch/elasticsearch.yml

or

just open the Elasticsearch configuration file, find "network.bind_host" and make the following change:

network.bind_host: 0.0.0.0

Then restart your Elasticsearch service:

[root@kali ~]# service elasticsearch restart
Restarting elasticsearch (via systemctl):                  [  OK  ]

Now let's check the listening TCP ports of java:

[root@kali ~]# netstat -ntlp | awk '/[j]ava/'
tcp6       0      0 :::9200                 :::*                    LISTEN      3759/java
tcp6       0      0 :::9300                 :::*                    LISTEN      3759/java

Now you can see it is listening on all interfaces.

Let's try the wget command from the remote machine:

$ wget.exe 192.168.109.128:9200

--2015-12-25 13:39:12--  http://192.168.109.128:9200/
Connecting to 192.168.109.128:9200... connected.
HTTP request sent, awaiting response... 200 OK
Length: 328 [application/json]
Saving to: ‘index.html.1’

index.html.1                   100%[====================================================>]     328  --.-KB/s   in 0.009s

2015-12-25 13:39:12 (37.1 KB/s) - ‘index.html.1’ saved [328/328]

Try the curl command:

$ curl.exe http://192.168.109.128:9200

{
  "status" : 200,
  "name" : "Kali Node",
  "cluster_name" : "kali",
  "version" : {
    "number" : "1.7.1",
    "build_hash" : "b88f43fc40b0bcd7f173a1f9ee2e97816de80b19",
    "build_timestamp" : "2015-07-29T09:54:16Z",
    "build_snapshot" : false,
    "lucene_version" : "4.10.4"
  },
  "tagline" : "You Know, for Search"
}
Manish R answered Nov 08 '22 03:11
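
Added example (not part of the answer above): a shell helper that classifies the port 9200 and 9300 rows of netstat -ntlp output as loopback-only, single-address or all-interfaces, which is the before/after difference the answer demonstrates. The function name and labels are assumptions of this example, and the sample rows are constructed from the output shown in the answers.

```sh
#!/bin/sh
# Added example. classify_listeners and its labels are hypothetical names.
# Reads `netstat -ntlp` rows on stdin and reports where the Elasticsearch
# HTTP (9200) and transport (9300) ports are bound.
classify_listeners() {
    awk '
    $1 ~ /^tcp/ && $6 == "LISTEN" {
        addr = $4
        # Split on the last colon so IPv6 forms (:::9200, ::1:9200) parse too.
        n = match(addr, /:[0-9]+$/)
        if (n == 0) next
        host = substr(addr, 1, n - 1)
        port = substr(addr, n + 1) + 0
        if (port != 9200 && port != 9300) next
        if (host == "0.0.0.0" || host == "::" || host == "*") {
            scope = "ALL-INTERFACES"     # reachable on every network the host joins
        } else if (host ~ /^127\./ || host == "::1") {
            scope = "LOOPBACK-ONLY"      # remote clients see "Connection refused"
        } else {
            scope = "SINGLE-ADDRESS"     # reachable only through that one IP
        }
        print port, scope, host
    }'
}

# Constructed sample: rows 1 and 2 mirror the output before and after the
# bind_host change; row 3 is a bind to one specific address.
classify_listeners <<'EOF'
tcp6       0      0 127.0.0.1:9200          :::*                    LISTEN      3422/java
tcp6       0      0 :::9300                 :::*                    LISTEN      3759/java
tcp        0      0 192.168.1.50:9200       0.0.0.0:*               LISTEN      3759/java
EOF
```

On a live host, pipe the real output in: netstat -ntlp | classify_listeners.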


Since you just installed Elasticsearch, I suppose you're using ES 2.0 or 2.1. You need to know that since the 2.0 release, Elasticsearch binds to localhost by default (as a security measure to prevent your node from connecting to other nodes on the network without you knowing it).

So what you need to do is simply to edit your elasticsearch.yml configuration file and change the network.bind_host setting like this:

network.bind_host: 0

Then, you need to restart your node and it will be accessible from a remote host.

Val answered Nov 08 '22 01:11


For Elasticsearch version 5, you can edit the configuration file /etc/elasticsearch/elasticsearch.yml and add the following lines:

network.bind_host: 0
http.cors.allow-origin: "*"
http.cors.enabled: true

The CORS settings are needed for plugins like Head or HQ on a remote machine, because they make Ajax XMLHttpRequest requests.

You can also define network.host: 0, since it is a shortcut which sets the bind_host and the publish_host.

Sources:

  • https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-http.html
  • https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-network.html
Arno answered Nov 08 '22 01:11
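
Added example (not part of any answer above): a shell check that reads a flat elasticsearch.yml and reports the two exposure-related settings these answers introduce, a wildcard bind address and CORS enabled with allow-origin "*", so that a change made to get remote access working can be reviewed afterwards. The function name and finding labels are assumptions of this example, and the sample config is constructed from the lines in the answer.

```sh
#!/bin/sh
# Added example. audit_es_config and its finding labels are hypothetical names.
# Reads a flat elasticsearch.yml (key: value lines) on stdin and reports the
# exposure-related settings discussed in the answers above.
audit_es_config() {
    awk -v q="'" '
    /^[ \t]*#/ || !/:/ { next }                 # skip comments and non-settings
    {
        line = $0
        sub(/[ \t]+#.*$/, "", line)             # drop a trailing comment
        i = index(line, ":")
        key = substr(line, 1, i - 1)
        val = substr(line, i + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key)
        gsub(/^[ \t]+|[ \t]+$/, "", val)
        gsub("^[\"" q "]|[\"" q "]$", "", val)  # strip surrounding quotes
        cfg[key] = val
    }
    END {
        n = split("network.host network.bind_host http.host", keys, " ")
        for (j = 1; j <= n; j++) {
            v = cfg[keys[j]]
            # Wildcard values used on this page, plus the IPv6 wildcard.
            if (v == "0" || v == "0.0.0.0" || v == "::")
                print "WILDCARD-BIND " keys[j] "=" v
        }
        # Checked after the whole file is read, so key order does not matter.
        if (cfg["http.cors.enabled"] == "true" && cfg["http.cors.allow-origin"] == "*")
            print "CORS-ANY-ORIGIN http.cors.allow-origin=*"
    }'
}

# Constructed sample: the three lines from the answer plus a commented-out setting.
audit_es_config <<'EOF'
# network.host: 192.168.1.50
network.bind_host: 0
http.cors.allow-origin: "*"
http.cors.enabled: true
EOF
```

On a server, run it as audit_es_config < /etc/elasticsearch/elasticsearch.yml; no output means neither setting is present.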