I have a default installation of Elasticsearch which I am trying to query from a third party server. However, it seems that by default this is blocked.
Is anyone please able to tell me how I can configure Elasticsearch so that I can query it from a different server?
When elasticsearch is installed and run without any configuration changes by default it binds to localhost only. To access the elasticsearch REST API endpoint remotely the below changes has to be made on the server where elasticsearch has been installed.
Elasticsearch Configuration Change
Update the network.host property in elasticsearch.yml as per the guidelines provided in the elasticsearch documentation
For example to bind to all IPv4 addresses on the local machine, change as below
network.host : 0.0.0.0
Firewall Rules Update
Update the Linux firewall to allow access to port 9200. Please refer your Linux documentation for adding rules to the firewall.
For example to allow access to all the servers(public) in CentosOS use the firewall-cmd
sudo firewall-cmd --zone=public --permanent --add-port=9200/tcp
sudo firewall-cmd --reload
Note : In production environment public access is discouraged. A restricted access should be preferred.
In config/elasticsearch.yml, put network.host: 0.0.0.0.
And also add Inbound Rule in firewall for your ElasticSearch port(9200 ByDefault).
It worked in ElasticSearch version 2.3.0
Edit: As Sisso mentions in his comment below, Elasticsearch as of 2.0 at least binds to localhost by default. See https://www.elastic.co/guide/en/elasticsearch/reference/2.0/modules-network.html for more information.
As Damien mentions in his answer, by default ES allows all access to port 9200. In fact, you need to use external tools to provide authentication to the ES resource - something like a webapp frontend or just simple nginx with Basic Auth turned on.
Things that can prevent you from accessing a remote system (you probably know these):
network configuration problems
ES host firewall blocks incoming requests on port 9200
remote host firewall blocks outgoing requests to ES host and/or port 9200
ES is configured to bind to the wrong IP address (by default however, it binds to all available IPs)
Best guess? Check that you can connect from remote host to ES host, then check firewall on both systems. If you can't diagnose further, maybe someone on the ES mailing list (https://groups.google.com/forum/#!forum/elasticsearch) or IRC channel (#elasticsearch on Freenode) can help.
There is no restriction by default, ElasticSearch expose a standard HTTP API on the port 9200.
From your third party server, are you able to: curl http://es_hostname:9200/?
To allow remote access with one default node, settings\elasticsearch.yml should have:
network.host: 0.0.0.0
http.port: 9200
My case I need three instances. For each instance, it's necessary declare also the port range used.
network.host: 0.0.0.0
http.port: 9200-9202
Related
How can I connect the Azure Cache for Redis to the Flask WebApp that uses celery to perform some asynchronous tasks? Whenever I try to connect via Webjob, it would say unable to connect to redis.
I also tried enter this celery inspect ping -b redis://{password}#{redis_service_name}.redis.cache.windows.net:6379/0 from this post How to configure celery-redis in django project on microsoft azure? but i would get Connection Failure: If this issue persists, ensure your computer's firewall and proxy settings allow outbound TCP traffic to port 10225. Using the firewall feature on your cache may also block connections from the console if your IP address has not been whitelisted
If there is no special rule in the firewall, this error should not occur. In general, there are special firewall settings in company networks, so access problems can occur. In this case, you need to allow the firewall to port 10225 outbound.
You can test it on a different network using Redis console on Azure to see if it's firewall-related.
using company network with firewall rule
other network without firewall rule
Try switching your network to work temporarily. This is a network specific issue and the port used to connect to Redis server is blocked and needs to be opened.
I'm creating a python flask api on remote desktop and running it on localhost of remote desktop.
Is there anyway I can access this api from my local machine?
We are working in a team and I want to share this with my team members, but this is confidential and not to be deployed on open server.
We want to post and get the result with every member's local machine from api runnnig on remote desktop.
Both of our local machines and remote desktop are windows10.
Sorry for being abstract but I'm searching for any way out. Thanks.
Well, you should open your way to this API. You'll have to set up a VPN or IP address filter in the server so you can access the server from your network while still have it secured on the Internet. You can also setup a simpler proxy if you prefer it. I'll not cover the details on how to setup a VPN or proxy since it can get pretty extensive, but a Google search will help you out find the best alternative for you.
AFAIK, the Remote Desktop Protocol does not allow for any kind of VPN. However, if you can switch to TeamViewer, it does have an easy to setup VPN system that will allow you to get into the network with few configuration. Once a VPN is configured, it will work like if you were in the same network as the server, so from there you can access your API from your host machine by just going to the IP address of the server.
Do notice the security policies of whoever owns the server, since you can get into trouble if you don't have permission to enable some access from the outside. Security goes always in front of comfort.
Short term solution:
Firstly download ngrok for your operating system.
For debugging and testing purposes you can expose a secure tunnel connection to your API by running this command in your command prompt / terminal.
ngrok http <PORT_NUMBER>-host-header="localhost:<PORT_NUMBER>"
Where PORT_NUMBER is the port number in which your flask application is running.
Example if your flask application is running at port 5000 then simply execute this command:
ngrok http 5000 -host-header="localhost:5000"
Running this will give you two hostnames one with HTTP and other a secure HTTPS connected by a tunnel like this for a duration of 8 hours after which the command needs to again re-run.
Which you can call remotely
Long term solution:
Deploy flask application using FastCGI
or
To a cloud infrastructure provider like Microsoft Azure which gives readymade templates for flask applications.
I want to run pulsar along with apache airflow. The catch is that both run on port number 8080. I do not want to change Airflow's configuration but in order to make pulsar run, I have to assign it another port. I am using a Python library, which runs airflow on 8080.
I tried going through the standalone installation document but could not get anything through it. My aim is to run the Python client of Pulsar.
How do I change the port configuration of Pulsar?
You need to change the webservicePort configuration in conf/broker.conf
Here's the github link: https://github.com/apache/pulsar/blob/master/conf/broker.conf
...
# Port to use to server HTTP request
webServicePort=8080
# Port to use to server HTTPS request - By default TLS is disabled
webServicePortTls=
# Hostname or IP address the service binds on, default is 0.0.0.0.
bindAddress=0.0.0.0
...
For standalone, you can edit the conf/standalone.conf config file and set webServicePort=8081
I'm currently trying out the Django framework and I would share/present/show some stuff I've made to my workmate/friends. I work in Ubuntu under Win7 via VMware. So my wish/desire is to send my current pub-IP with port (e.g http://123.123.123.123:8181/django-app/) to my friends so they could test it.
the Problem is - I use django's Dev server (python /path-to-django-app/manage.py runserver $IP:$PORT).
How do I make the devserver public?
EDIT:
Oh, there's something I forgot to mention. As I sad I use VMware with Ubuntu. I have a shellscript that returns me my current int-IP 192.168.xx.xx and saves it in a environment-variable ($CUR_IP)
So, each time I want to run django's devserver I simply execute
python /path-to-django-site/manage.py runserver $CUR_IP:8080
At this way I become an http-adress (e.g.http://192.168.40.145:8080/app-name/) which I CAN USE OUTSIDE my virtual machine. I could test it on my host (win7) machine. That's actually the reason why I asked the question. I thought there's a way to use the ext-IP and make runserver usable outside too
python manage.py runserver 0.0.0.0:8181
This will run development server that should listen on all IP's on port 8181.
Note that as of Jun 17, 2011 Django development server is threaded by default (ticket #1609).
From docs:
Note that the default IP address,
127.0.0.1, is not accessible from other machines on your network. To
make your development server viewable
to other machines on the network, use
its own IP address (e.g. 192.168.2.1)
or 0.0.0.0.
Assuming you have ruby installed, you just have to get localtunnel:
gem install localtunnel
then start your python development server with:
python manage.py runserver 0.0.0.0:8000
in another shell, start localtunnel:
localtunnel -k ~/.ssh/id_rsa.pub 8000
That will output an url to access your local server.
Port 8000 is now publicly accessible from http://xxxx.localtunnel.com
That's it.
192.168.*.* is a LAN-private address -- once you've done the proper VMWare (or other VM manager) and firewall incantations to make it accessible from the LAN, it still won't be accessible from outside the LAN, i.e., from the internet at large (a good thing too, because such development servers are not designed for security and scalability).
To make some port of a machine with a LAN-private IP visible to the internet at large, you need a router with a "virtual servers" ability (many routers, even cheap ones, offer it, but it's impossible to be specific about enabling it since each brand has its own idiosyncratic way). I would also recommend dyndns or other similar service to associate a stable DNS name to your always-varying public IP (unless you're splurging for a static IP from your connectivity provider, of course, but the latter option is becoming costlier all the time).
superuser.com or serverfault.com may provide better answers and details (once you give every single little detail of your configuration in a question) since the question has nothing much to do with software development and everything to do with server administration and configuration.
I had to add this line to settings.py in order to make it work (otherwise it shows an error when accessed from another computer)
ALLOWED_HOSTS = ['*']
then ran the server with:
python manage.py runserver 0.0.0.0:9595
Also, make sure that your firewall allows communication to the chosen port (9595 in this case)
Already answered but adding npm alternate of same localtunnel
sudo npm install -g localtunnel
lt --port 8000 --subdomain yash
If you are using Virtualbox, You need to change the network setting in VB from "NAT" to "Bridged Adaptor". Then restart the linux. Now if you run sudo ifconfig you are able to see your IP address like 192.168.*.* . The last step is runserver
python manage.py runserver 192.168.*.*:8000
Cheers!
You need to configure bridged networking in VMWare and also grant access to the target port in Ubuntu firewall.
Alternatively, you can use cotunnel, Just run cotunnel in your ubuntu (in VMware) change your tunnel port in cotunnel dashboard which port you are using in local side. It gives public url and you can share the url with your friends.
Your Django server can listen to 127.0.0.1 or 0.0.0.0 (I prefer 0.0.0.0) it does not matter for cotunnel.
Might I suggest trying something like pyngrok to programmatically manage an ngrok tunnel for you? Full disclosure, I am the developer of it. Django example here, but it's as easy as installing pyngrok:
pip install pyngrok
and using it:
from pyngrok import ngrok
# <NgrokTunnel: "http://<public_sub>.ngrok.io" -> "http://localhost:8000">
http_url = ngrok.connect(8000)
No messing with ports or firewalls or IP addresses, and now you can also inspect the traffic (which is useful since what you're doing here is ongoing development, not running a prod-ready server).
Can access AppEngine SDK sites via local ip-address when localhost works just fine and a MacOSX using the GoogleAppEngineLauncher.
I'm trying to setup facebook development site (using a dyndns.org hostname pointing at my firewall which redirects the call to my mac book).
It seems like GoogleAppEngineLauncher defaults to localhost and blocks access to the ip-address directly.
Is there a way to change that behaviour in GoogleAppEngineLauncher?
Is this some kind of limitation built in by Google?
It doesn't seem to be an issue of configuration, because there isn't any settings for this.
So I'm guessing patching the source will be required?
As per the latest documentation -a wont work anymore.
This is possible by passing --host argument with dev_appserver.py command
dev_appserver --host=<your_ip_address> <your_app>
--host=
The host address to use for the server. You may need to set this to be able to access the development server from another computer on your network. An address of 0.0.0.0 allows both localhost access and hostname access. Default is localhost.
if you want to access development server using localhost & ip address, use this command:
dev_appserver.py --host=0.0.0.0 <your_app>
For the eclipse (PyDev) users, Right-click on your project Run As > Run Configurations...
In the Arguments Tab, add the -a and -p arguments:
-a 0.0.0.0 -p 80 "${workspace_loc:project}"
This is possible by passing the -a argument to dev_appserver.py, i.e. dev_appserver.py -a <your-ip> <your_app>. See also this article on using public IP addresses with the Google App Engine SDK.
Per the docs, it's technically possible:
--address=...
The host address to use for the
server. You may need to set this to be
able to access the development server
from another computer on your network.
An address of 0.0.0.0 allows both
localhost access and hostname access.
Default is localhost.
However, it may be risky: dev_appserver is strictly focused on development, not hardened in terms of security against the attacks you might be subject to if you serve on the open net. To deploy App Engine apps on your own server(s) (or Amazon, etc), you might be better off with alternative, open-source third-party solutions like appscale or typhoonae!
In Android Studio with Google App Engine plugin.
Just add httpAddress = '0.0.0.0' to app cfg in build.grade file.