Prefer private networking for HTTP by default, avoiding public IP bind #7077
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This change breaks with current behavior of ES HTTP server socket binding.
The new default should be to bind HTTP only to private internet addresses
(localhost, link-local, private network RFC 1918) and to avoid
automatic public IP binds.
This change can no longer use the
null
host name for socket binding asdefault. Instead, it looks up the host name by a reverse IP check and uses
localhost
if this fails. For success, DNS must be working and configured correctly.The IP of the host name is used for binding and for the check if the IP is
public. If the IP is public, an exception is thrown, and the HTTP socket is not
available.
A new parameter
http.public_access
must be enabled explicitly to allowbinding the HTTP port against a public IP. The default is
false
.