Access OpenSearch and OpenSearch Dashboards externally through proxy (nginx)
Advanced Managed Search allows you to perform data exploration, search, visualization, and management tasks through OpenSearch and OpenSearch Dashboards.
However, the OpenSearch and OpenSearch Dashboards URLs are provided as private endpoints inside the VPC, so they cannot be accessed directly from an external network. To access them externally, you must configure an intermediate server that acts as a proxy.
This page explains how to access OpenSearch and OpenSearch Dashboards externally using nginx.
Overview
The OpenSearch and OpenSearch Dashboards URLs provided by Advanced Managed Search are Private IP-based endpoints that can only be accessed within the VPC network.
To access OpenSearch and OpenSearch Dashboards from outside, the following configuration is required.
- Create a VM instance that can be accessed from the public network
- Install nginx on the VM
- Configure nginx to proxy requests to the OpenSearch and OpenSearch Dashboards endpoints
With this configuration, you can use the OpenSearch API and OpenSearch Dashboards UI by connecting to the nginx server address.
Install and configure nginx
1. Install nginx
Connect to the VM instance where nginx will be installed and run the following commands.
sudo apt-get update
sudo apt-get install nginx
2. Configure nginx settings
Create or modify the nginx configuration file.
sudo vi /etc/nginx/conf.d/opensearch.conf
Configure the OpenSearch or OpenSearch Dashboards endpoint as an upstream server as shown in the following example.
upstream opensearch {
server e9e155c8-de2a-4099-84bc-29f6cf89f566-cbt.advanced-managed-search.kr-central-2.kakaocloud.com:443;
}
server {
listen 8080;
location / {
proxy_pass https://opensearch;
# Add header settings (ensures login and redirect work correctly)
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
Configuration description
upstream opensearch: Specifies the OpenSearch endpoint provided by Advanced Managed Searchlisten 8080: nginx port that external users connect toproxy_pass: Forwards requests to OpenSearch
3. Test and reload nginx configuration
After creating the configuration file, test and apply the nginx configuration.
sudo nginx -s reload
If there are no configuration errors, nginx reloads successfully.
Access OpenSearch
After completing the nginx configuration, access the following address from a terminal.
curl -X GET http://<nginx-VM-Public-IP>:8080 -u 'admin:[password]'
When you call the endpoint with the master user account configured when creating the cluster, the OpenSearch status response is displayed.
Access OpenSearch UI
After completing the nginx configuration, access the following address in a browser.
http://<nginx-VM-Public-IP>:8080/dashboards
After connecting, the OpenSearch Dashboards login page appears, and you can log in with the master user account configured when creating the cluster.
Security and operational considerations
- It is recommended to restrict access to the nginx VM using security groups and allowed IP ranges.
- In production environments, consider configuring HTTPS and applying TLS certificates.
- If the proxy server fails, UI access becomes unavailable, so availability architecture should also be considered in production environments.
To allow external access, the following two network security configurations must be applied.
- VM instance security group: The inbound rule must allow port 8080.
- Advanced Managed Search cluster security group: The Private IP of the nginx VM must be allowed to access port 443 of the OpenSearch cluster.