You should change that "loopback":9200 to 0.0.0.0:9200 and make sure to have a VNET jail without NAT. Only then will you be able to connect to <jail-ip-address>:9200 from the outside. You can never connect to any service binding to 127.0.0.1 from anywhere but the system running the service itself.
According to the documentation that should read:
Code:
network.host: 0.0.0.0
http.port: 9200
I came across the same documentation when I was digging. From memory, I thought when you bound a service to the loopback interface, it could be accessed from any IP, but maybe different systems respond to that differently. Or maybe my memory doesn't serve me correctly...
Anyway, I did try that previously and tested again to make sure I didn't mess something up the first time.
When the network.host address is set to the loopback interface (127.0.0.1), I can connect from within the jail, but not from outside.
When the network.host address is set to 0.0.0.0, I can't do either. A few seconds after starting the service (set to 0.0.0.0), I get the following error:
Code:
ERROR: [1] bootstrap checks failed
[1]: the default discovery settings are unsuitable for production use; at leastone of [discovery.seed_hosts, discovery.seed_providers, cluster.initial_master_nodes] must be configured
ERROR: Elasticsearch did not exit normally - check the logs at /var/log/elasticsearch/elasticsearch.log
Logs contain these warnings (other entries were info):
Code:
[2021-02-18T13:39:34,067][WARN ][o.e.b.BootstrapChecks ] [crawler] the default discovery settings are unsuitable for production use; at least one of [discovery.seed_hosts, discovery.seed_providers, cluster.initial_master_nodes] must be configured
[2021-02-18T13:42:37,028][WARN ][o.e.g.DanglingIndicesState] [crawler] gateway.auto_import_dangling_indices is disabled, dangling indices will not be automatically detected or imported and must be managed manually
There don't appear to be any dangling indices, but I can only check after reverting the network.host back to 127.0.0.1.