Question

Allow remote access to Elasticsearch on DO ELK stack

I have the one click ELK stack setup running on a droplet, but I would also like to use the Elasticsearch part of it for other things as well as Logstash.

When I try to query it remotely though, I get a connection refused on port 9200.

How can I open this up, preferably to only allow access from defined ip addresses?

I have already tried commenting out the network.bind.host line in config and restarting, but this did not solve the issue.

Thanks in advance.


Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

network.host: 0.0.0.0 http.port: 9200

The DigitalOcean ELK One-Click binds to localhost by default in /etc/elasticsearch/elasticsearch.yml by setting:

network.host: localhost

This sets both ‘network.bind_host’ and ‘network.publish_host’ So make sure that is commented out as well.

If that still isn’t working after restarting, check to see if there is more than one elasticsearch process. You can use ps aux | grep elasticsearch to do so. I’ve seen a few cases where restarting elasticsearch launches a second process instead and configuration changes don’t take effect as expected. After killing them manually and starting it back up, it should be configured as expected.