Access OpenSearch Dashboards externally (nginx)
Advanced Managed Search allows you to perform data exploration, search, visualization, and management tasks through the web UI of OpenSearch Dashboards.
However, the OpenSearch Dashboards URL is provided as a private endpoint inside the VPC, so it cannot be accessed directly from an external network. To access the UI externally, you must configure an intermediate server that acts as a proxy.
This page explains how to access OpenSearch Dashboards externally using nginx.
Overview
The OpenSearch Dashboards URL provided by Advanced Managed Search is a Private IP–based endpoint that can only be accessed within the VPC network.
To access the OpenSearch UI from outside, the following configuration is required.
- Create a VM instance that can be accessed from the public network
- Install nginx on the VM
- Configure nginx to proxy requests to the OpenSearch Dashboards endpoint
With this configuration, you can access the OpenSearch UI by connecting to the nginx server address through a browser.
Install and configure nginx
1. Install nginx
Connect to the VM instance where nginx will be installed and run the following commands.
sudo apt-get update
sudo apt-get install nginx
2. Configure nginx settings
Create or modify the nginx configuration file.
sudo vi /etc/nginx/conf.d/opensearch.conf
Configure the OpenSearch Dashboards endpoint as an upstream server as shown in the following example.
upstream dashboards {
server e9e155c8-de2a-4099-84bc-29f6cf89f566-cbt.advanced-managed-search.kr-central-2.kakaocloud.com:443;
}
server {
listen 8080;
location / {
proxy_pass https://dashboards;
# Add header settings (ensures login and redirect work correctly)
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
Configuration description
upstream dashboards: Specifies the OpenSearch Dashboards endpoint provided by Advanced Managed Searchlisten 8080: nginx port that external users connect toproxy_pass: Forwards requests to OpenSearch Dashboards
3. Test and reload nginx configuration
After creating the configuration file, test and apply the nginx configuration.
sudo nginx -s reload
If there are no configuration errors, nginx reloads successfully.
Access OpenSearch UI
After completing the nginx configuration, access the following address in a browser.
http://<nginx-VM-Public-IP>:8080
After connecting, the OpenSearch Dashboards login page appears, and you can log in with the master user account configured when creating the cluster.
Security and operational considerations
- It is recommended to restrict access to the nginx VM using security groups and allowed IP ranges.
- In production environments, consider configuring HTTPS and applying TLS certificates.
- If the proxy server fails, UI access becomes unavailable, so availability architecture should also be considered in production environments.
To allow external access, the following two network security configurations must be applied.
- VM instance security group: The inbound rule must allow port 8080.
- Advanced Managed Search cluster security group: The Private IP of the nginx VM must be allowed to access port 443 of the OpenSearch cluster.