
Restricting direct access to port, but allow port forwarding in Nginx


Add this to your ES config to ensure it only binds to localhost:

network.host: 127.0.0.1
http.host: 127.0.0.1

Then ES is only accessible from localhost and not the world.

Make sure this is really the case with the tools of your OS, e.g. on Unix:

$ netstat -an | grep -i 9200
tcp4       0      0 127.0.0.1.9200         *.*                    LISTEN

In any case, I would lock down the machine using the OS firewall to really only allow the ports you want, and not rely only on proper binding. Why is this important? Because ES also runs its cluster communication on another port (9300), and evildoers might just connect there.
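
The binding check above can be scripted to cover both ports mentioned (9200 and 9300) and both the BSD/macOS and Linux listener formats. This is an added example, not part of the original answer; the helper name `check_es_binding` and the sample lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: report Elasticsearch listeners (9200 HTTP, 9300 transport)
# that are bound to anything other than a loopback address.

# Constructed sample: the BSD/macOS-style line shown above.
SAMPLE_LOCAL='tcp4       0      0 127.0.0.1.9200         *.*                    LISTEN'

# Constructed sample (Linux-style): HTTP on loopback, transport on every interface.
SAMPLE_EXPOSED='tcp        0      0 127.0.0.1:9200          0.0.0.0:*               LISTEN
tcp6       0      0 :::9300                 :::*                    LISTEN'

# check_es_binding (hypothetical helper): reads `netstat -an` or `ss -ltn`
# output on stdin, prints one line per non-loopback listener on 9200/9300,
# and returns non-zero if it found any.
check_es_binding() {
  awk '
    /LISTEN/ {
      for (i = 1; i <= NF; i++) {
        # Local address ends in .PORT (BSD/macOS) or :PORT (Linux).
        if ($i ~ /[.:](9200|9300)$/) {
          addr = $i
          sub(/[.:](9200|9300)$/, "", addr)
          port = substr($i, length(addr) + 2)
          # Loopback: 127.0.0.0/8, ::1, or IPv4-mapped 127.x (brackets optional).
          if (addr !~ /^\[?(::ffff:)?127\.|^\[?::1\]?$/) {
            print "EXPOSED " port " on " addr
            bad = 1
          }
          break
        }
      }
    }
    END { exit bad + 0 }
  '
}

# Demo on the constructed samples; on a real host pipe in: netstat -an
printf '%s\n' "$SAMPLE_LOCAL"   | check_es_binding && echo "sample 1: loopback only"
printf '%s\n' "$SAMPLE_EXPOSED" | check_es_binding || echo "sample 2: needs fixing"
```

The non-zero exit status makes the function usable in a provisioning or monitoring script, so a config change that rebinds ES to a public interface is caught even when the firewall would still block it.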