Unable to access opensearch cluster from external IP

Hello everyone,

I am trying to set up an opensearch and opensearch dashboard installation.

I am using docker to create a cluster of two nodes.

The installation is up and running and I can access the dashboard graphic interface to create dashboards and interact with the opensearch api.

If I try to interact with the opensearch api (for example using curl) using any machine, I am receiving the result “Unautorized”. But If I do the same test from the machine where the cluster is installed it works without issues.

The server where the cluster is installed doesn’t have any firewall restrictions. Is there any configuration that I should do to allow the interaction with the opensearch API from an external IP?

Thank you in advance for the help.

Regards,

Moved to Security category.

You are sending along some sort of authentication, right?

Thank you for your quick reply.

I am using the default authentication.

So it is user/password authentication.

I didn’t change anything in the config files that were in the docker image.

If you want I can share the config files related to the authentication.

Thank you in advance.

Regards,

@antonyab I’m not able to reproduce your issue.
Can you share the curl request you use and also the opensearch.yml file, redact any sensitive details

Regarding the opensearch installation, I used docker-compose. You can find below the content :

version: '3’
services:
** opensearch-node1:**
** image: opensearchproject/opensearch:latest**
** container_name: opensearch-node1**
** environment:**
** - cluster.name=opensearch-cluster**
** - node.name=opensearch-node1**
** - discovery.seed_hosts=opensearch-node1,opensearch-node2**
** - cluster.initial_master_nodes=opensearch-node1,opensearch-node2**
** - bootstrap.memory_lock=true # along with the memlock settings below, disables swapping**
** - “OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m” # minimum and maximum Java heap size, recommend setting both to 50% of system RAM**
** ulimits:**
** memlock:**
** soft: -1**
** hard: -1**
** nofile:**
** soft: 262144 # maximum number of open files for the OpenSearch user, set to at least 65536 on modern systems**
** hard: 262144**
** volumes:**
** - opensearch-data1:/usr/share/opensearch/data**
** ports:**
** - 9200:9200**
** - 9600:9600 # required for Performance Analyzer**
** networks:**
** - opensearch-net**
** opensearch-node2:**
** image: opensearchproject/opensearch:latest**
** container_name: opensearch-node2**
** environment:**
** - cluster.name=opensearch-cluster**
** - node.name=opensearch-node2**
** - discovery.seed_hosts=opensearch-node1,opensearch-node2**
** - cluster.initial_master_nodes=opensearch-node1,opensearch-node2**
** - bootstrap.memory_lock=true**
** - “OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m”**
** ulimits:**
** memlock:**
** soft: -1**
** hard: -1**
** nofile:**
** soft: 65536**
** hard: 65536**
** volumes:**
** - opensearch-data2:/usr/share/opensearch/data**
** networks:**
** - opensearch-net**
** opensearch-dashboards:**
** image: opensearchproject/opensearch-dashboards:latest**
** container_name: opensearch-dashboards**
** ports:**
** - 5601:5601**
** expose:**
** - “5601”**
** environment:**
** OPENSEARCH_HOSTS: ‘[“https://opensearch-node1:9200”,“https://opensearch-node2:9200”]’**
** networks:**
** - opensearch-net**

volumes:
** opensearch-data1:**
** opensearch-data2:**

networks:
** opensearch-net:**

Regarding the curl request, I tried this for example :
curl -XGET https://IP_ADDRESS:9200 -u ‘admin:admin’ --insecure

If I try this curl request locally on the machine where the cluster is installed, It works without issues.
If I try it on any other machine, I have the response : Unauthorized

Thank in advance for the help really.

Regards,

@antonyab
I have just ran your docker-compose and accessed the cluster using IP address of the machine image is running on (192.168.x.x) and was able to get a response without issues.
Therefore this would lead me to believe it’s a firewall issue

If I misunderstood your use case and you actually want to expose opensearch to public, then I would recommend reading this thread

1 Like

Thank you for your answer.

I am running opensearch on a server online and not locally.

I don’t know if there is any difference for that.

I will check again my firewall config.

Thank you again.

Regards,

1 Like