Unable to access opensearch cluster from external IP

antonyab · September 22, 2021, 1:12pm

Hello everyone,

I am trying to set up an opensearch and opensearch dashboard installation.

I am using docker to create a cluster of two nodes.

The installation is up and running and I can access the dashboard graphic interface to create dashboards and interact with the opensearch api.

If I try to interact with the opensearch api (for example using curl) using any machine, I am receiving the result “Unautorized”. But If I do the same test from the machine where the cluster is installed it works without issues.

The server where the cluster is installed doesn’t have any firewall restrictions. Is there any configuration that I should do to allow the interaction with the opensearch API from an external IP?

Thank you in advance for the help.

Regards,

searchymcsearchface · September 22, 2021, 2:03pm

Moved to Security category.

You are sending along some sort of authentication, right?

antonyab · September 22, 2021, 2:18pm

Thank you for your quick reply.

I am using the default authentication.

So it is user/password authentication.

I didn’t change anything in the config files that were in the docker image.

If you want I can share the config files related to the authentication.

Thank you in advance.

Regards,

Anthony · September 22, 2021, 2:29pm

@antonyab I’m not able to reproduce your issue.
Can you share the curl request you use and also the opensearch.yml file, redact any sensitive details

antonyab · September 22, 2021, 3:08pm

Regarding the opensearch installation, I used docker-compose. You can find below the content :

version: ‘3’
services:
** opensearch-node1:**
** image: opensearchproject/opensearch:latest**
** container_name: opensearch-node1**
** environment:**
** - cluster.name=opensearch-cluster**
** - node.name=opensearch-node1**
** - discovery.seed_hosts=opensearch-node1,opensearch-node2**
** - cluster.initial_master_nodes=opensearch-node1,opensearch-node2**
** - bootstrap.memory_lock=true # along with the memlock settings below, disables swapping**
** - “OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m” # minimum and maximum Java heap size, recommend setting both to 50% of system RAM**
** ulimits:**
** memlock:**
** soft: -1**
** hard: -1**
** nofile:**
** soft: 262144 # maximum number of open files for the OpenSearch user, set to at least 65536 on modern systems**
** hard: 262144**
** volumes:**
** - opensearch-data1:/usr/share/opensearch/data**
** ports:**
** - 9200:9200**
** - 9600:9600 # required for Performance Analyzer**
** networks:**
** - opensearch-net**
** opensearch-node2:**
** image: opensearchproject/opensearch:latest**
** container_name: opensearch-node2**
** environment:**
** - cluster.name=opensearch-cluster**
** - node.name=opensearch-node2**
** - discovery.seed_hosts=opensearch-node1,opensearch-node2**
** - cluster.initial_master_nodes=opensearch-node1,opensearch-node2**
** - bootstrap.memory_lock=true**
** - “OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m”**
** ulimits:**
** memlock:**
** soft: -1**
** hard: -1**
** nofile:**
** soft: 65536**
** hard: 65536**
** volumes:**
** - opensearch-data2:/usr/share/opensearch/data**
** networks:**
** - opensearch-net**
** opensearch-dashboards:**
** image: opensearchproject/opensearch-dashboards:latest**
** container_name: opensearch-dashboards**
** ports:**
** - 5601:5601**
** expose:**
** - “5601”**
** environment:**
** OPENSEARCH_HOSTS: ‘[“https://opensearch-node1:9200”,“https://opensearch-node2:9200”]’**
** networks:**
** - opensearch-net**

volumes:
** opensearch-data1:**
** opensearch-data2:**

networks:
** opensearch-net:**

Regarding the curl request, I tried this for example :
curl -XGET https://IP_ADDRESS:9200 -u ‘admin:admin’ --insecure

If I try this curl request locally on the machine where the cluster is installed, It works without issues.
If I try it on any other machine, I have the response : Unauthorized

Thank in advance for the help really.

Regards,

Anthony · September 22, 2021, 3:56pm

@antonyab
I have just ran your docker-compose and accessed the cluster using IP address of the machine image is running on (192.168.x.x) and was able to get a response without issues.
Therefore this would lead me to believe it’s a firewall issue

If I misunderstood your use case and you actually want to expose opensearch to public, then I would recommend reading this thread

antonyab · September 23, 2021, 7:41am

Thank you for your answer.

I am running opensearch on a server online and not locally.

I don’t know if there is any difference for that.

I will check again my firewall config.

Thank you again.

Regards,

Topic		Replies	Views
Opensearch Dashboards cannot connect to Opensearch Security	8	4280	April 7, 2023
Opensearch-Dashboard directing to login page even though security is disabled OpenDistro	1	4018	November 19, 2021
Opensearch-dashboard anonymous access OpenSearch discuss , troubleshoot , configure	0	524	June 19, 2022
OpenSearch docker-compose error OpenSearch install	4	454	January 22, 2024
OpensSearch dashboard proxy authentication OpenSearch Dashboards troubleshoot	6	636	December 8, 2023

Unable to access opensearch cluster from external IP

Related Topics