How Do I Use a NAT Gateway to Access CSS from the Internet?
Perform the following operations:
3.Modifying Security Group Rules
4.Accessing CSS from the Internet
If your CSS clusters do not have the security mode enabled, do not access CSS through the NAT gateway. Otherwise, the cluster data will be exposed to the Internet.
Obtaining CSS Information
- Log in to the CSS management console.
- On the Clusters page, click the name of a cluster. The Basic Information page is displayed by default.
- In the Configuration Information area, view the Private Network Address, VPC, and Subnet information.
Figure 1 Required information
Configuring a NAT Gateway
- Create a NAT gateway.
- Log in to the console and choose Service List > Networking >NAT Gateway. The Network Console page is displayed.
- Click Buy Public NAT Gateway. On the displayed page, configure related parameters. For details, see section "Buying a NAT Gateway" in NAT Gateway User Guide.
Set VPC and Subnet to the values you obtained in Obtaining CSS Information.
- Click Next, confirm the configurations, and click Pay Now.
- Add DNAT rules.
- On the Public NAT Gateways page, click the name of the NAT gateway you purchased. The details page is displayed.
- Choose DNAT Rules > Add DNAT Rule. For details, see section "Adding a DNAT Rule" in the NAT Gateway User Guide. When configuring DNAT rules, use the following settings:
- EIP: Create an EIP on the EIPs page based on your service requirements.
- Outside Port: Custom.
- Private IP Address: private network IP address of CSS, which is the Private Network Address you obtained in Obtaining CSS Information.
- Inside Port: 9200.
- If your cluster contains multiple private IP addresses, add one DNAT rule for each address.
- Click OK.
Modifying Security Group Rules
- Log in to the CSS management console. In the navigation pane, click Clusters. On the displayed Clusters page, click the name of the target cluster to go to the Basic Information page
- On the Basic Information page, click Security Group.
- On the Basic Information page of the security group, click the Inbound Rules tab.
- Click Add Rule to add an inbound rule for port 9200.
- Click OK.
Accessing CSS from the Internet
- IP and port are an EIP and port you set when you added DNAT rules.
- If you have enabled Security Mode for the cluster, enter https://IP:port and then enter the username and password that you set for security mode on the displayed page.
- If you have not enabled Security Mode for the cluster, just enter http://IP:port.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot