Allow remote access to Elasticsearch on DO ELK stack

Posted November 6, 2015
Ubuntu, Configuration Management, Logging

I have the one click ELK stack setup running on a droplet, but I would also like to use the Elasticsearch part of it for other things as well as Logstash.

When I try to query it remotely though, I get a connection refused on port 9200.

How can I open this up, preferably to only allow access from defined ip addresses?

I have already tried commenting out the line in config and restarting, but this did not solve the issue.

Thanks in advance.

2 answers

The DigitalOcean ELK One-Click binds to localhost by default in /etc/elasticsearch/elasticsearch.yml by setting: localhost

This sets both 'network.bind_host' and 'network.publish_host', so make sure that is commented out as well.

If that still isn’t working after restarting, check to see if there is more than one elasticsearch process. You can use ps aux | grep elasticsearch to do so. I’ve seen a few cases where restarting elasticsearch launches a second process instead and configuration changes don’t take effect as expected. After killing them manually and starting it back up, it should be configured as expected.
http.port: 9200
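
The two checks the answer above describes, as an added example (not code from the thread or from DigitalOcean): it reads an elasticsearch.yml for the active bind setting and counts Elasticsearch JVMs in `ps aux` output. The function names, the constructed sample config and the `org.elasticsearch.bootstrap` process match are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread. The sample config below is constructed.

# Print the value of an active (uncommented) "key: value" line; the last match is reported.
es_setting() {  # usage: es_setting <file> <key>
    awk -v key="$2" '
        /^[ \t]*#/ { next }                 # commented-out settings are inactive
        {
            line = $0
            sub(/[ \t]+#.*$/, "", line)     # strip a trailing comment
            n = index(line, ":")
            if (n == 0) next
            k = substr(line, 1, n - 1)
            v = substr(line, n + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t"]+|[ \t"]+$/, "", v)
            if (k == key) val = v
        }
        END { if (val != "") print val }' "$1"
}

# Classify where the listener binds. network.bind_host is the more specific key,
# so it is consulted before network.host.
es_exposure() {  # usage: es_exposure <file>
    host=$(es_setting "$1" network.bind_host)
    [ -n "$host" ] || host=$(es_setting "$1" network.host)
    case "$host" in
        "") echo "unset" ;;   # Elasticsearch falls back to its built-in default
        localhost|_local_|127.*|::1) echo "loopback" ;;
        0.0.0.0|::) echo "all-interfaces" ;;
        *) echo "address:$host" ;;
    esac
}

# Count Elasticsearch JVMs in `ps aux` output read from stdin (assumed class-name match).
es_proc_count() {
    awk 'tolower($0) ~ /org\.elasticsearch\.bootstrap/ { n++ } END { print n + 0 }'
}

sample=$(mktemp)
cat > "$sample" <<'EOF'
# network.host: localhost
network.bind_host: 0.0.0.0   # listens on every interface
http.port: 9200
EOF
echo "bind: $(es_exposure "$sample")  port: $(es_setting "$sample" http.port)"
echo "elasticsearch JVMs running: $(ps aux | es_proc_count)"
rm -f "$sample"
```

When the result is `all-interfaces`, nothing in this file limits who can reach port 9200, so restricting access to defined IP addresses has to happen at the firewall.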