Port 9300 bound to localhost - not usable from outside by default

[bachi76]

I just tried the image together with the java client. That client communicates over port 9300. While the image exposes port 9300, the elastic configuration binds by default to localhost.

http://localhost:9200/_nodes/http?pretty:

"nodes" : {
    "transport_address" : "127.0.0.1:9300",

Suggestion: Uncomment the line #transport.host: 0.0.0.0 in elasticsearch.yaml. As it's still up to the user to map 9300 in docker if needed, this should not be a security give-away.

Thanks for the great image!

[blacktop]

Client client = NodeBuilder.nodeBuilder()
                                .client(true)
                                .node()
                                .client();

I believe that would use port 9200?

The TransportClient uses the 9300, but seems to be an edge case way of connecting to Elasticsearch as 9300 is usually used for inter-node communication meaning one elasticsearch node talking to another in the cluster.

Is that what you really need?

You are welcome btw :)

[blacktop]

Looking into it more it looks like NodeBuilder is a part of the old 2.0 Java API and TransportClient is the only way? That is so strange as I have never connected to an ES node's 9300 port before and none of the official elasticsearch docker images have that setting enabled?

[blacktop]

What about a compromise? ;)

[blacktop]

$ docker run -d --name elstack -p 80:80 -p 9300:9300 -e transport.host=0.0.0.0 blacktop/elastic-stack

Let me know if that works for you?

[bachi76]

They mention somewhere that this Java API is just the same as they use internally to communicate with nodes - I guess it made sense to just maintain one Java API.

$ docker run -d --name elstack -p 80:80 -p 9300:9300 -e transport.host=0.0.0.0 blacktop/elastic-stack

That will work absolutely fine - thanks for the quick reaction!