yexinru/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
Files
03e77f3e5b0080047fdcb72efdfd3333dd3bcf92
doc-exports/docs/css/umn/css_02_0033.html
zhengxiu 93d856d5c5 css umn 25.6.0 version 
Reviewed-by: Pruthi, Vineet <vineet.pruthi@t-systems.com>
Co-authored-by: zhengxiu <zhengxiu@huawei.com>
Co-committed-by: zhengxiu <zhengxiu@huawei.com>
2025-11-25 11:34:43 +00:00

88 lines
14 KiB
HTML
Raw Blame History

<a name="EN-US_TOPIC_0000001933318494"></a><a name="EN-US_TOPIC_0000001933318494"></a>
<h1 class="topictitle1">How Do I Use a NAT Gateway to Enable Public Network Access for an Elasticsearch/OpenSearch Cluster?</h1>
<div id="body8662426"><p id="EN-US_TOPIC_0000001933318494__en-us_topic_0182065775_p225617612480">Perform the following operations:</p>
<p id="EN-US_TOPIC_0000001933318494__en-us_topic_0182065775_p1382775919469">1. <a href="#EN-US_TOPIC_0000001933318494__en-us_topic_0182065775_section9324115816273">Obtaining Cluster Information</a></p>
<p id="EN-US_TOPIC_0000001933318494__en-us_topic_0182065775_p4211510124712">2. <a href="#EN-US_TOPIC_0000001933318494__en-us_topic_0182065775_section13091155184816">Configuring a NAT Gateway</a></p>
<p id="EN-US_TOPIC_0000001933318494__en-us_topic_0182065775_p03553255472">3. <a href="#EN-US_TOPIC_0000001933318494__en-us_topic_0182065775_section8868104118811">Modifying Security Group Rules for the Cluster</a></p>
<p id="EN-US_TOPIC_0000001933318494__en-us_topic_0182065775_p19413113294712">4. <a href="#EN-US_TOPIC_0000001933318494__en-us_topic_0182065775_section1474433184620">Accessing a Cluster over the Public Network</a></p>
<div class="caution" id="EN-US_TOPIC_0000001933318494__en-us_topic_0182065775_note17568164325815"><span class="cautiontitle"><img src="public_sys-resources/caution_3.0-en-us.png"> </span><div class="cautionbody"><p id="EN-US_TOPIC_0000001933318494__en-us_topic_0182065775_p1456817432587">If your CSS clusters do not have the security mode enabled, do not allow public network access to them via the NAT gateway. Otherwise, your data will be exposed to the Internet.</p>
</div></div>
<div class="section" id="EN-US_TOPIC_0000001933318494__en-us_topic_0182065775_section9324115816273"><a name="EN-US_TOPIC_0000001933318494__en-us_topic_0182065775_section9324115816273"></a><a name="en-us_topic_0182065775_section9324115816273"></a><h4 class="sectiontitle">Obtaining Cluster Information</h4><ol id="EN-US_TOPIC_0000001933318494__en-us_topic_0182065775_ol1057104192814"><li id="EN-US_TOPIC_0000001933318494__li1284117555516"><span><span id="EN-US_TOPIC_0000001933318494__ph1184065512517">Log in to the CSS management console.</span></span></li><li id="EN-US_TOPIC_0000001933318494__en-us_topic_0000001938377752_li4250043448"><span>In the navigation pane, choose <strong id="EN-US_TOPIC_0000001933318494__b1056691008104243">Clusters</strong> &gt; <strong id="EN-US_TOPIC_0000001933318494__b1932303253104243">Elasticsearch</strong> or <strong id="EN-US_TOPIC_0000001933318494__b727439823104243">Clusters</strong> &gt; <strong id="EN-US_TOPIC_0000001933318494__b1721039971104243">OpenSearch</strong>.</span></li><li id="EN-US_TOPIC_0000001933318494__li1219431918401"><span>In the cluster list, click the name of the target cluster. The cluster information page is displayed.</span></li><li id="EN-US_TOPIC_0000001933318494__li1754618453610"><span>Click the <span class="wintitle" id="EN-US_TOPIC_0000001933318494__wintitle16330132663912"><b>Overview</b></span> tab.</span></li><li id="EN-US_TOPIC_0000001933318494__en-us_topic_0182065775_li1277611425215"><span>In the <strong id="EN-US_TOPIC_0000001933318494__b1074013555612">Configuration</strong> area, obtain the cluster's <span class="parmname" id="EN-US_TOPIC_0000001933318494__parmname31091651171911"><b>Region</b></span>, <span class="parmname" id="EN-US_TOPIC_0000001933318494__parmname23811722191611"><b>VPC</b></span>, <span class="parmname" id="EN-US_TOPIC_0000001933318494__parmname183953256167"><b>Current Subnet</b></span>, and <span class="parmname" id="EN-US_TOPIC_0000001933318494__parmname1323781961616"><b>Private IPv4 Address</b></span>.</span></li></ol>
</div>
<div class="section" id="EN-US_TOPIC_0000001933318494__en-us_topic_0182065775_section13091155184816"><a name="EN-US_TOPIC_0000001933318494__en-us_topic_0182065775_section13091155184816"></a><a name="en-us_topic_0182065775_section13091155184816"></a><h4 class="sectiontitle">Configuring a NAT Gateway</h4><ol id="EN-US_TOPIC_0000001933318494__en-us_topic_0182065775_ol77591530114918"><li id="EN-US_TOPIC_0000001933318494__li5966144151815"><span>Create a public NAT gateway to enable public network access for the current cluster.</span><p><div class="p" id="EN-US_TOPIC_0000001933318494__p223424501815">For details, see <em id="EN-US_TOPIC_0000001933318494__i1418483018214">NAT Gateway User Guide</em>. <a href="#EN-US_TOPIC_0000001933318494__table7995546662">Table 1</a> describes the key parameters. Set other parameters based on service requirements.
<div class="tablenoborder"><a name="EN-US_TOPIC_0000001933318494__table7995546662"></a><a name="table7995546662"></a><table cellpadding="4" cellspacing="0" summary="" id="EN-US_TOPIC_0000001933318494__table7995546662" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Configuring a public NAT gateway</caption><thead align="left"><tr id="EN-US_TOPIC_0000001933318494__row129956461961"><th align="left" class="cellrowborder" valign="top" width="30%" id="mcps1.3.8.2.1.2.1.3.2.3.1.1"><p id="EN-US_TOPIC_0000001933318494__p17995046264">Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="70%" id="mcps1.3.8.2.1.2.1.3.2.3.1.2"><p id="EN-US_TOPIC_0000001933318494__p299524611619">Description</p>
</th>
</tr>
</thead>
<tbody><tr id="EN-US_TOPIC_0000001933318494__row899544610620"><td class="cellrowborder" valign="top" width="30%" headers="mcps1.3.8.2.1.2.1.3.2.3.1.1 "><p id="EN-US_TOPIC_0000001933318494__p1499511469612">Region</p>
</td>
<td class="cellrowborder" valign="top" width="70%" headers="mcps1.3.8.2.1.2.1.3.2.3.1.2 "><p id="EN-US_TOPIC_0000001933318494__p189951646161">Use the region of the Elasticsearch/OpenSearch cluster.</p>
</td>
</tr>
<tr id="EN-US_TOPIC_0000001933318494__row1799518465611"><td class="cellrowborder" valign="top" width="30%" headers="mcps1.3.8.2.1.2.1.3.2.3.1.1 "><p id="EN-US_TOPIC_0000001933318494__p59952466614">VPC</p>
</td>
<td class="cellrowborder" valign="top" width="70%" headers="mcps1.3.8.2.1.2.1.3.2.3.1.2 "><p id="EN-US_TOPIC_0000001933318494__p5995146467">Use the VPC of the Elasticsearch/OpenSearch cluster.</p>
</td>
</tr>
<tr id="EN-US_TOPIC_0000001933318494__row179957461867"><td class="cellrowborder" valign="top" width="30%" headers="mcps1.3.8.2.1.2.1.3.2.3.1.1 "><p id="EN-US_TOPIC_0000001933318494__p799517461161">Subnet</p>
</td>
<td class="cellrowborder" valign="top" width="70%" headers="mcps1.3.8.2.1.2.1.3.2.3.1.2 "><p id="EN-US_TOPIC_0000001933318494__p736913911016">Use the subnet of the Elasticsearch/OpenSearch cluster.</p>
</td>
</tr>
</tbody>
</table>
</div>
</div>
</p></li><li id="EN-US_TOPIC_0000001933318494__li7295161816214"><span>After a public NAT gateway is created, add DNAT rules to allow the cluster in your VPC to provide services accessible from the Internet.</span><p><p id="EN-US_TOPIC_0000001933318494__p8633919172114">For details, see <em id="EN-US_TOPIC_0000001933318494__i6193131317215">NAT Gateway User Guide</em>. <a href="#EN-US_TOPIC_0000001933318494__table1366892773110">Table 2</a> describes the key parameters. Set other parameters based on service requirements.</p>
<div class="tablenoborder"><a name="EN-US_TOPIC_0000001933318494__table1366892773110"></a><a name="table1366892773110"></a><table cellpadding="4" cellspacing="0" summary="" id="EN-US_TOPIC_0000001933318494__table1366892773110" frame="border" border="1" rules="all"><caption><b>Table 2 </b>Adding a DNAT rule</caption><thead align="left"><tr id="EN-US_TOPIC_0000001933318494__row16668182715310"><th align="left" class="cellrowborder" valign="top" width="30%" id="mcps1.3.8.2.2.2.2.2.3.1.1"><p id="EN-US_TOPIC_0000001933318494__p566942716311">Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="70%" id="mcps1.3.8.2.2.2.2.2.3.1.2"><p id="EN-US_TOPIC_0000001933318494__p2669112763117">Description</p>
</th>
</tr>
</thead>
<tbody><tr id="EN-US_TOPIC_0000001933318494__row86698274319"><td class="cellrowborder" valign="top" width="30%" headers="mcps1.3.8.2.2.2.2.2.3.1.1 "><p id="EN-US_TOPIC_0000001933318494__p16698270316">Public IP Address Type</p>
</td>
<td class="cellrowborder" valign="top" width="70%" headers="mcps1.3.8.2.2.2.2.2.3.1.2 "><p id="EN-US_TOPIC_0000001933318494__p156691427133117">Select <strong id="EN-US_TOPIC_0000001933318494__b249413164710">EIP</strong>.</p>
<p id="EN-US_TOPIC_0000001933318494__p1212211485426">Remember the configured IP address, which will be needed for accessing the cluster from the public network.</p>
</td>
</tr>
<tr id="EN-US_TOPIC_0000001933318494__row44031640144210"><td class="cellrowborder" valign="top" width="30%" headers="mcps1.3.8.2.2.2.2.2.3.1.1 "><p id="EN-US_TOPIC_0000001933318494__p7404140184215">Public Port</p>
</td>
<td class="cellrowborder" valign="top" width="70%" headers="mcps1.3.8.2.2.2.2.2.3.1.2 "><p id="EN-US_TOPIC_0000001933318494__p10404184074212">A custom port can be configured.</p>
<p id="EN-US_TOPIC_0000001933318494__p14894152314433">Remember the configured port, which will be needed for accessing the cluster from the public network.</p>
</td>
</tr>
<tr id="EN-US_TOPIC_0000001933318494__row588903211319"><td class="cellrowborder" valign="top" width="30%" headers="mcps1.3.8.2.2.2.2.2.3.1.1 "><p id="EN-US_TOPIC_0000001933318494__p15889103243115">Private IP Address</p>
</td>
<td class="cellrowborder" valign="top" width="70%" headers="mcps1.3.8.2.2.2.2.2.3.1.2 "><p id="EN-US_TOPIC_0000001933318494__p138901332133119">Enter the cluster's private IPv4 address obtained <a href="#EN-US_TOPIC_0000001933318494__en-us_topic_0182065775_section9324115816273">Obtaining Cluster Information</a>.</p>
</td>
</tr>
<tr id="EN-US_TOPIC_0000001933318494__row19111433103117"><td class="cellrowborder" valign="top" width="30%" headers="mcps1.3.8.2.2.2.2.2.3.1.1 "><p id="EN-US_TOPIC_0000001933318494__p5111173310317">Private Port</p>
</td>
<td class="cellrowborder" valign="top" width="70%" headers="mcps1.3.8.2.2.2.2.2.3.1.2 "><p id="EN-US_TOPIC_0000001933318494__p19111173319315">Enter 9200.</p>
</td>
</tr>
</tbody>
</table>
</div>
<div class="caution" id="EN-US_TOPIC_0000001933318494__note24611812353"><span class="cautiontitle"><img src="public_sys-resources/caution_3.0-en-us.png"> </span><div class="cautionbody"><p id="EN-US_TOPIC_0000001933318494__p34609823520">If the cluster has multiple private IPv4 addresses, add multiple DNAT rules.</p>
</div></div>
</p></li></ol>
</div>
<div class="section" id="EN-US_TOPIC_0000001933318494__en-us_topic_0182065775_section8868104118811"><a name="EN-US_TOPIC_0000001933318494__en-us_topic_0182065775_section8868104118811"></a><a name="en-us_topic_0182065775_section8868104118811"></a><h4 class="sectiontitle">Modifying Security Group Rules for the Cluster</h4><ol id="EN-US_TOPIC_0000001933318494__en-us_topic_0182065775_ol16401115415817"><li id="EN-US_TOPIC_0000001933318494__li4901131243715"><span><span id="EN-US_TOPIC_0000001933318494__ph11902111212372">Log in to the CSS management console.</span></span></li><li id="EN-US_TOPIC_0000001933318494__li7902151243716"><span>In the navigation pane, choose <strong id="EN-US_TOPIC_0000001933318494__b1188223660104244">Clusters</strong> &gt; <strong id="EN-US_TOPIC_0000001933318494__b1052897432104244">Elasticsearch</strong> or <strong id="EN-US_TOPIC_0000001933318494__b1671046584104244">Clusters</strong> &gt; <strong id="EN-US_TOPIC_0000001933318494__b430837388104244">OpenSearch</strong>.</span></li><li id="EN-US_TOPIC_0000001933318494__li19902181212373"><span>In the cluster list, click the name of the target cluster. The cluster information page is displayed.</span></li><li id="EN-US_TOPIC_0000001933318494__li790261203715"><span>Click the <span class="wintitle" id="EN-US_TOPIC_0000001933318494__wintitle69049123372"><b>Overview</b></span> tab.</span></li><li id="EN-US_TOPIC_0000001933318494__li1962522110370"><span>In the <strong id="EN-US_TOPIC_0000001933318494__b151082411575">Configuration</strong> area, find <span class="parmname" id="EN-US_TOPIC_0000001933318494__parmname161019033918"><b>Security Group</b></span>, and click the security group name to go to the details page.</span></li><li id="EN-US_TOPIC_0000001933318494__en-us_topic_0182065775_li176233592335"><span>Click the <strong id="EN-US_TOPIC_0000001933318494__b776267013104244">Inbound Rules</strong> tab.</span></li><li id="EN-US_TOPIC_0000001933318494__en-us_topic_0182065775_li11641141203715"><span>Click <strong id="EN-US_TOPIC_0000001933318494__b4119125115820">Add Rule</strong> to add an inbound rule to allow port 9200.</span></li><li id="EN-US_TOPIC_0000001933318494__en-us_topic_0182065775_li1950673353817"><span>Click <strong id="EN-US_TOPIC_0000001933318494__b1630216395013">OK</strong>.</span></li></ol>
</div>
<div class="section" id="EN-US_TOPIC_0000001933318494__en-us_topic_0182065775_section1474433184620"><a name="EN-US_TOPIC_0000001933318494__en-us_topic_0182065775_section1474433184620"></a><a name="en-us_topic_0182065775_section1474433184620"></a><h4 class="sectiontitle">Accessing a Cluster over the Public Network</h4><div class="p" id="EN-US_TOPIC_0000001933318494__p46801624205319">Enter <span class="filepath" id="EN-US_TOPIC_0000001933318494__filepath156621244414"><b>https://{IP}:{port}</b></span> or <span class="filepath" id="EN-US_TOPIC_0000001933318494__filepath7571101513441"><b>http://{IP}:{port}</b></span> in the browser address box to access the Elasticsearch or OpenSearch cluster.<ul id="EN-US_TOPIC_0000001933318494__en-us_topic_0182065775_ul9894834132019"><li id="EN-US_TOPIC_0000001933318494__en-us_topic_0182065775_li112213396207"><strong id="EN-US_TOPIC_0000001933318494__b14858142516582"><em id="EN-US_TOPIC_0000001933318494__i1785852513586">IP</em></strong> and <strong id="EN-US_TOPIC_0000001933318494__b385813250584"><em id="EN-US_TOPIC_0000001933318494__i118581325115812">port</em></strong> are the EIP and port you set when you added DNAT rules.</li><li id="EN-US_TOPIC_0000001933318494__en-us_topic_0182065775_li1930611428205">If you have enabled <strong id="EN-US_TOPIC_0000001933318494__b168048294584">Security Mode</strong> for the cluster, enter <span class="filepath" id="EN-US_TOPIC_0000001933318494__filepath14935078445"><b>https://{IP}:{port}</b></span> and then enter the username and password for the cluster.</li><li id="EN-US_TOPIC_0000001933318494__en-us_topic_0182065775_li17894143412204">If you have not enabled <strong id="EN-US_TOPIC_0000001933318494__b122549326581">Security Mode</strong> for the cluster, enter <span class="filepath" id="EN-US_TOPIC_0000001933318494__filepath19585144114417"><b>http://{IP}:{port}</b></span>.</li></ul>
</div>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="css_02_0077.html">Accessing CSS Clusters</a></div>
</div>
</div>
View Git Blame Copy Permalink