Help Center> Cloud Search Service> FAQ> Network> How Do I Use a NAT Gateway to Access CSS from the Internet?
View PDF

How Do I Use a NAT Gateway to Access CSS from the Internet?

Operation process

1.Obtaining CSS Information

2.Configuring a NAT Gateway

3.Modifying Security Group Rules

4.Accessing CSS from the Internet

If your CSS clusters are in non-security mode, do not access CSS through the NAT gateway to prevent data of the cluster from being exposed to the Internet.

Obtaining CSS Information

  1. Obtain the private network address for accessing CSS.

    Log in to the CSS management console, create a cluster, and then obtain the private network address of the cluster on the Clusters page.

  2. Obtain the VPC and subnet information.

    Click the desired cluster name/ID to go to the Basic Information page and obtain the VPC and subnet information.

Configuring a NAT Gateway

  1. Create a NAT gateway.

    1. Log in to the console and choose Service List > Network >NAT Gateway. The Network Console page is displayed.
    2. Click Buy NAT Gateway. On the displayed page, configure related parameters of the NAT gateway. For details, see section "Buying a NAT Gateway" in the NAT Gateway User Guide.

      Set VPC and Subnet to the values obtained in 2.

    3. Click Next, confirm the configurations, and click Submit.

  2. Add DNAT rules.

    1. On the NAT Gateway console, click the name of the NAT gateway you purchased. The details page is displayed.
    2. Choose DNAT Rules > Add DNAT Rule. For details, see section "Adding a DNAT Rule" in the NAT Gateway User Guide.
      • EIP: Create an EIP on the EIPs page based on your service requirements.
      • Outside Port: Custom.
      • Private IP Address: private network IP address of CSS, which is Private Network Address obtained in 1.
      • Inside Port: 9200.
      • If your cluster contains multiple private IP addresses, add one DNAT rule for each address.
    3. Click OK.

Modifying Security Group Rules

  1. Log in to the CSS management console. Switch to the Clusters page. Click the name/ID of the target cluster to switch to the Basic Information page.
  2. On the displayed page, click the value of the Security Group parameter.

  3. On the displayed page, click Inbound Rules.
  4. Click Add Rule to add an inbound rule for port 9200.
  5. After the configuration is completed, click OK.

Accessing CSS from the Internet

  1. Enter https://IP:port or http://IP:port in the address box of the browser.

    • IP refers to EIP and port refers to the port number, both of which were set when adding DNAT rules.
    • If Security Mode is enabled for the cluster, enter https://IP:port and then enter the username and password set for security mode on the displayed page.
    • If Security Mode is not enabled for the cluster, enter https://IP:port.

Parent topic: Network