Accessing a Cluster from a Public Network

You can access a security cluster (Elasticsearch clusters in version 6.5.4 or later support the security mode) that has the HTTPS access enabled through the public IP address provided by the system.

By default, CSS uses a shared load balancer for public network access. You can use a dedicated load balancer to improve performance. For details about its configuration, see Connecting to a Dedicated Load Balancer.

If public network access is enabled for CSS, then EIP and bandwidth resources will be used and billed.

Configuring Public Network Access

Log in to the CSS management console.
On the Create Cluster page, enable Security Mode. Set the administrator password and enable HTTPS access.

Select Automatically assign for Public IP Address and set related parameters.

Figure 1 Configuring public network access

**Table 1** Public network access parameters
Parameter	Description
Bandwidth	Bandwidth for accessing Kibana with the public IP address
Access Control	If you disable this function, all IP addresses can access the cluster through the public IP address. If you enable access control, only IP addresses in the whitelist can access the cluster through the public IP address.
Whitelist	IP address or IP address range allowed to access a cluster. Use commas (,) to separate multiple addresses. This parameter can be configured only when Access Control is enabled.

Managing Public Network Access

You can configure, modify, view the public network access of, or disassociate the public IP address from a cluster.

Log in to the CSS management console.
On the Clusters page, click the name of the target cluster. On the Basic Information page that is displayed, manage the public network access configurations.
Figure 2 Modifying public network access configurations
- Configuring public network access
  If you enabled HTTPS but did not configure the public network access during security cluster creation, you can configure it on the Basic Information page after configuring the cluster.
  
  Click Associate next to Public IP Address, set the access bandwidth, and click OK.
  
  If the association fails, wait for several minutes and try again.
- Modifying public network access
  For a cluster for which you have configured public network access, you can click Edit next to Bandwidth to modify the bandwidth, or you can click Set next to Access Control to set the access control function and the whitelist for access.
- Viewing public network access
  On the Basic Information page, you can view the public IP address associated with the current cluster.
- Disassociating a public IP address from a cluster
  To disassociate the public IP address, click Disassociate next to Public IP Address.

Accessing a Cluster Through the Public IP Address

After configuring the public IP address, you can use it to access the cluster.

For example, run the following cURL commands to view the index information in the cluster. In this example, the public access IP address of one node in the cluster is 10.62.179.32 and the port number is 9200.

If the cluster you access does not have the security mode enabled, run the following command:
```
curl 'http://10.62.179.32:9200/_cat/indices'
```
If the cluster you access has the security mode enabled, access the cluster using HTTPS and add the username, password and -u to the cURL command.
```
curl -u username:password -k 'https://10.62.179.32:9200/_cat/indices'
```

Parent topic: Accessing an Elasticsearch Cluster

Previous topic: Accessing an Elasticsearch Cluster

Next topic: Accessing a Cluster Using a VPC Endpoint