Ошибка: App Search не может подключиться к Elasticsearch. Убедитесь, что работоспособный кластер Elasticsearch работает по адресу http://localhost:9200 для пользовательских эластичных

Я пытаюсь подключить App Search к Elastic Search, и оба они работают в отдельных контейнерах докера, но веб-сайт не является частью докера.

Итак, у меня есть виртуальный хост из цифрового океана, сайт работает в /var/www/

My Elastic Search работает на порту 9200 в док-контейнере, а My App Search работает на порту 3002 в док-контейнере.

У меня есть один узел (для эластичного поиска).

Я получаю ошибку ниже, когда устанавливаю

      network.host: "127.0.0.1"

app_search.listen_host: "127.0.0.1" 
elasticsearch.host: http://localhost:9200

Ошибка:

      [app-server][INFO]: Failed to connect to Elasticsearch backend. Make sure it is running.

Error: App Search is unable to connect to Elasticsearch. Ensure a healthy Elasticsearch cluster is running at http://localhost:9200 for user elastic.

Если я установлю ниже в elasticsearch.yml

      network.host: 0.0.0.0

и ниже в app-search.yml

      app_search.listen_host: 0.0.0.0
elasticsearch.host: http://elasticsearch:9200

Я могу подключить поиск приложений к поиску Elastic, но затем получаю предупреждение от Digital Ocean:

      A recent network security scan suggests your Droplet XXXX-web1 is running elasticsearch and that it may be unintentionally exposing data, or misconfigured to allow unauthorized access.

Elasticsearch listens for traffic from everywhere on port 9200 and you can validate this report by attempting to connect to your elasticsearch on 9200 via a simple telnet command:

telnet XXX.XXX.XX.XXX 9200

If the connection is successful you will receive output like the following, which will confirm that your service is visible to the public Internet:

Trying XXX.XXX.XX.XXX...
Connected to XXX.XXX.XX.XXX.
Escape character is '^]'.

You will want to restrict outside access to your Elasticsearch instance to prevent outsiders from reading your data or shutting down your Elasticsearch cluster through its REST API.

Remediation of this issue will take just a few minutes and is relatively straightforward.You will need to open /etc/elasticsearch/elasticsearch.yml and uncomment (remove the "#") and replace its value with 'localhost' so it looks like this:

network.host: localhost

Моя операционная система

      Ubuntu 18.04

Докер

      Client: Docker Engine - Community
 Version:           20.10.17
 API version:       1.41
 Go version:        go1.17.11
 Git commit:        100c701
 Built:             Mon Jun  6 23:02:56 2022
 OS/Arch:           linux/amd64
 Context:           default
 Experimental:      true

Server: Docker Engine - Community
 Engine:
  Version:          20.10.17
  API version:      1.41 (minimum version 1.12)
  Go version:       go1.17.11
  Git commit:       a89b842
  Built:            Mon Jun  6 23:01:02 2022
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.6.8
  GitCommit:        9cd3357b7fd7218e4aec3eae239db1f68a5a6ec6
 runc:
  Version:          1.1.4
  GitCommit:        v1.1.4-0-g5fd4c4d
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

Эластичный поиск

      elasticsearch:7.6.0

Поиск приложений

      app-search:7.6.0

Файл компоновки Docker

      version: '3.4'

services:
    #MySQL Service
    db:
        image: mysql:5.7.22
        container_name: db
        restart: unless-stopped
        tty: true
        ports:
          - "${HOST_DB_PORT}:3306"
        environment:
          MYSQL_ROOT_PASSWORD: "${DB_ROOT_PASSWORD}"
          MYSQL_DATABASE: "${DB_DATABASE}"
          MYSQL_USER: "${DB_USERNAME}"
          MYSQL_PASSWORD: "${DB_PASSWORD}"
          MYSQL_ROOT_HOST: "%"
        volumes:
            - ./data/dbdata:/var/lib/mysql/:delegated
            - ./docker/mysql/my.cnf:/etc/mysql/my.cnf
        networks:
            - internal


    #Elastic Search Service
    elasticsearch:
        image: docker.elastic.co/elasticsearch/elasticsearch:7.6.0
        container_name: elasticsearch
        restart: unless-stopped
        environment:
            - "node.name=elasticsearch"
            - "discovery.type=single-node"
            - "cluster.name=app-search-docker-cluster"
            - "bootstrap.memory_lock=true"
            - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
        volumes:
           - ./data/elasticsearch:/var/lib/elasticsearch/data/:delegated
           - ./docker/elastic/elasticsearch/elasticsearch.yml:/etc/elasticsearch/elasticsearch.yml
           - ./docker/elastic/elasticsearch/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml
        ulimits:
          memlock:
            soft: -1
            hard: -1
        ports:
            - 9200:9200
        networks:
            - internal

    #App Search Service
    appsearch:
        image: docker.elastic.co/app-search/app-search:7.6.0
        container_name: appsearch
        restart: unless-stopped
        depends_on:
          - elasticsearch
        environment:
          - "APP_SEARCH_EXTERNAL_URL=${APP_SEARCH_EXTERNAL_URL}"
          - "APP_SEARCH_SECRET_SESSION_KEY=${APP_SEARCH_SECRET_SESSION_KEY}"
          - "ELASTIC_SEARCH_PASSWORD=${ELASTIC_SEARCH_PASSWORD}"
          - "APP_SEARCH_DEFAULT_PASSWORD=${APP_SEARCH_DEFAULT_PASSWORD}"
          - "elasticsearch.host=http://localhost:9200"
          - "JAVA_OPTS=-Xmx1g"
        volumes:
          - ./docker/elastic/appsearch/app-search.yml:/usr/share/app-search/config/app-search.yml
        ports:
          - 3002:3002
        networks:
          - internal

#Docker Networks
networks:
    internal:
        driver: bridge

elasticsearch.yml

      cluster.name: "docker-cluster"
network.host: "127.0.0.1"
xpack.security.enabled: true
action.auto_create_index: ".app-search-*-logs-*,-.app-search-*,+*"

app-search.yml

      allow_es_settings_modification: true
app_search.listen_host: "127.0.0.1"
elasticsearch.host: http://localhost:9200
filebeat_log_directory: /var/log/app-search
log_directory: /var/log/app-search
app_search.auth.source: standard
elasticsearch.username: elastic
elasticsearch.password: ${ELASTIC_SEARCH_PASSWORD}
app_search.external_url: ${APP_SEARCH_EXTERNAL_URL}
hide_version_info: true
secret_session_key: ${APP_SEARCH_SECRET_SESSION_KEY}
email.account.enabled: true
email.account.smtp.auth: login
email.account.smtp.starttls.enable: ${APP_SEARCH_SMTP_TLS}
email.account.smtp.host: ${APP_SEARCH_SMTP_HOST}
email.account.smtp.port: ${APP_SEARCH_SMTP_PORT}
email.account.smtp.user: ${APP_SEARCH_SMTP_USER}
email.account.smtp.password: ${APP_SEARCH_SMTP_PASSWORD}
Источник

1 ответ

Я нашел решение.

Я хотел предотвратить публичный доступ к эластичному поиску и поиску приложений во внешнем мире, но доступный для хост-сервера. Я сделал следующее:

docker-compose.yml

      ports:
    - 127.0.0.1:9200:9200
    - 127.0.0.1:9300:9300
    - "elasticsearch.host=http://elasticsearch:9200"

Добавлением127.0.0.1к портам гарантирует, что эластичный поиск доступен для докера основного сервера, но не для внешнего мира.

The elasticsearch.ymlимеет ниже

      cluster.name: "docker-cluster"
network.host: 0.0.0.0
xpack.security.enabled: true (optional)
action.auto_create_index: ".app-search-*-logs-*,-.app-search-*,+*"

The app-search.ymlимеет ниже

      allow_es_settings_modification: true
app_search.listen_host: 0.0.0.0 (anyone can listen)
elasticsearch.host: http://elasticsearch:9200 (host = elasticsearch)
filebeat_log_directory: /var/log/app-search
log_directory: /var/log/app-search
app_search.auth.source: standard
elasticsearch.username: elastic
elasticsearch.password: ${ELASTIC_SEARCH_PASSWORD}
app_search.external_url: ${APP_SEARCH_EXTERNAL_URL}
Источник
Другие вопросы по тегам