
Blocking external access to the Elasticsearch service

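Once the elasticsearch service is running, anyone can reach it at http://www.example.com:9200. What I need is for only the local machine to be able to access it, and for other outside IPs to be blocked. Is there a simple way to set this up?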


I came across this question by chance, and I have to say, yes, this can be configured.

############################## Network And HTTP ###############################

# Elasticsearch, by default, binds itself to the 0.0.0.0 address, and listens
# on port [9200-9300] for HTTP traffic and on port [9300-9400] for node-to-node
# communication. (the range means that if the port is busy, it will automatically
# try the next port).

# Set the bind address specifically (IPv4 or IPv6):
#
#network.bind_host: 192.168.0.1

# Set the address other nodes will use to communicate with this node. If not
# set, it is automatically derived. It must point to an actual IP address.
#
#network.publish_host: 192.168.0.1

# Set both 'bind_host' and 'publish_host':
#
network.host: 127.0.0.1
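
To confirm that the `network.host: 127.0.0.1` setting above took effect after a restart, the listening sockets can be checked. The script below is an added example, not part of the original answers; the function names `exposed_listeners` and `check_port` and both sample `ss -ltn` outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original thread. Function and variable names
# here are hypothetical; the sample `ss -ltn` output is constructed.

# exposed_listeners PORT
# Reads `ss -ltn` output on stdin and prints each local address that is
# listening on PORT and is not a loopback address.
exposed_listeners() {
    awk -v port="$1" '
        $1 != "LISTEN" { next }                 # skip header and other states
        {
            n = match($4, /:[0-9]+$/)           # last colon precedes the port
            if (n == 0 || substr($4, n + 1) != port) next
            addr = substr($4, 1, n - 1)
            gsub(/^\[|\]$/, "", addr)           # drop IPv6 brackets
            sub(/%.*$/, "", addr)               # drop zone id such as %lo
            if (addr ~ /^127\./ || addr == "::1" || addr ~ /^::ffff:127\./) next
            print addr
        }'
}

# check_port PORT: returns 0 when PORT is loopback-only, 1 otherwise.
check_port() {
    exposed=$(exposed_listeners "$1")
    if [ -n "$exposed" ]; then
        echo "port $1 is reachable on: $(echo "$exposed" | tr '\n' ' ')"
        return 1
    fi
    echo "port $1 is bound to loopback only"
}

# Constructed sample: default binding (0.0.0.0), as the config comment describes.
SAMPLE_DEFAULT='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:9200       0.0.0.0:*
LISTEN 0      128    0.0.0.0:9300       0.0.0.0:*'

# Constructed sample: after setting network.host: 127.0.0.1 and restarting.
SAMPLE_LOCAL='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:9200     0.0.0.0:*
LISTEN 0      128    127.0.0.1:9300     0.0.0.0:*'

printf '%s\n' "$SAMPLE_DEFAULT" | check_port 9200 || true
printf '%s\n' "$SAMPLE_LOCAL"   | check_port 9200

# On a live host: ss -ltn | check_port 9200
```

Run the same check for port 9300, since the node-to-node transport port is covered by `network.host` as well.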

Hopefully I didn't get this wrong:

iptables -A INPUT -p tcp --dport 9200 ! -s 127.0.0.1 -j DROP

On Linux you can control this by modifying the firewall; on CentOS, for example, just set the listening IP to the internal network.
