OpenSearch/docs/reference/modules/http.asciidoc

[[modules-http]]
== HTTP

The http module allows to expose *elasticsearch* APIs
over HTTP.

The http mechanism is completely asynchronous in nature, meaning that
there is no blocking thread waiting for a response. The benefit of using
asynchronous communication for HTTP is solving the
http://en.wikipedia.org/wiki/C10k_problem[C10k problem].

When possible, consider using
http://en.wikipedia.org/wiki/Keepalive#HTTP_Keepalive[HTTP keep alive]
when connecting for better performance and try to get your favorite
client not to do
http://en.wikipedia.org/wiki/Chunked_transfer_encoding[HTTP chunking].

[float]
=== Settings

The following are the settings that can be configured for HTTP:

[cols="<,<",options="header",]
|=======================================================================
|Setting |Description
|`http.port` |A bind port range. Defaults to `9200-9300`.

|`http.max_content_length` |The max content of an HTTP request. Defaults
to `100mb`

|`http.max_initial_line_length` |The max length of an HTTP URL. Defaults
to `4kb`

|`http.compression` |Support for compression when possible (with
Accept-Encoding). Defaults to `false`.

|`http.compression_level` |Defines the compression level to use.
Defaults to `6`.

|`http.cors.enabled` |Enable or disable cross-origin resource sharing,
i.e. whether a browser on another origin can do requests to
Elasticsearch. Defaults to `false`.

|`http.cors.allow-origin` |Which origins to allow. Defaults to `*`,
i.e. any origin. If you prepend and append a `/` to the value, this will
be treated as a regular expression, allowing you to support HTTP and HTTPs.
for example using `/https?:\/\/localhost(:[0-9]+)?/` would return the
request header appropriately in both cases.

|`http.cors.max-age` |Browsers send a "preflight" OPTIONS-request to
determine CORS settings. `max-age` defines how long the result should
be cached for. Defaults to `1728000` (20 days)

|`http.cors.allow-methods` |Which methods to allow. Defaults to
`OPTIONS, HEAD, GET, POST, PUT, DELETE`.

|`http.cors.allow-headers` |Which headers to allow. Defaults to
`X-Requested-With, Content-Type, Content-Length`.

|`http.cors.allow-credentials` | Whether the `Access-Control-Allow-Credentials`
header should be returned. Note: This header is only returned, when the setting is
set to `true`. Defaults to `false`


|=======================================================================

It also uses the common
<<modules-network,network settings>>.

[float]
=== Disable HTTP

The http module can be completely disabled and not started by setting
`http.enabled` to `false`. This make sense when creating non
<<modules-node,data nodes>> which accept HTTP
requests, and communicate with data nodes using the internal
<<modules-transport,transport>>.
Migrated documentation into the main repo 2013-08-28 19:24:34 -04:00			`[[modules-http]]`
			`== HTTP`

			`The http module allows to expose elasticsearch APIs`
			`over HTTP.`

			`The http mechanism is completely asynchronous in nature, meaning that`
			`there is no blocking thread waiting for a response. The benefit of using`
			`asynchronous communication for HTTP is solving the`
			`http://en.wikipedia.org/wiki/C10k_problem[C10k problem].`

			`When possible, consider using`
			`http://en.wikipedia.org/wiki/Keepalive#HTTP_Keepalive[HTTP keep alive]`
			`when connecting for better performance and try to get your favorite`
			`client not to do`
			`http://en.wikipedia.org/wiki/Chunked_transfer_encoding[HTTP chunking].`

			`[float]`
			`=== Settings`

[DOCS] Fixd typo in http.asciidoc 2014-05-20 11:31:11 -04:00			`The following are the settings that can be configured for HTTP:`
Migrated documentation into the main repo 2013-08-28 19:24:34 -04:00
			`[cols="<,<",options="header",]`
			`\|=======================================================================`
			`\|Setting \|Description`
			\|`http.port` \|A bind port range. Defaults to `9200-9300`.

			\|`http.max_content_length` \|The max content of an HTTP request. Defaults
			to `100mb`

			\|`http.max_initial_line_length` \|The max length of an HTTP URL. Defaults
			to `4kb`

			\|`http.compression` \|Support for compression when possible (with
			Accept-Encoding). Defaults to `false`.

			\|`http.compression_level` \|Defines the compression level to use.
			Defaults to `6`.
Document http.cors-settings 2013-12-06 06:37:48 -05:00
			\|`http.cors.enabled` \|Enable or disable cross-origin resource sharing,
			`i.e. whether a browser on another origin can do requests to`
CORS: Disable by default In order to deliver a more secure out-of-the-box configuration this commit disables cross-origin resource sharing by default. Closes #7151 2014-09-08 09:50:29 -04:00			Elasticsearch. Defaults to `false`.
Document http.cors-settings 2013-12-06 06:37:48 -05:00
			\|`http.cors.allow-origin` \|Which origins to allow. Defaults to `*`,
CORS: Support regular expressions for origin to match against This commit adds regular expression support for the allow-origin header depending on the value of the request `Origin` header. The existing HttpRequestBuilder is also extended to support the OPTIONS HTTP method. Relates #5601 Closes #6891 2014-07-24 03:14:50 -04:00			i.e. any origin. If you prepend and append a `/` to the value, this will
			`be treated as a regular expression, allowing you to support HTTP and HTTPs.`
			for example using `/https?:\/\/localhost(:[0-9]+)?/` would return the
			`request header appropriately in both cases.`
Document http.cors-settings 2013-12-06 06:37:48 -05:00
			\|`http.cors.max-age` \|Browsers send a "preflight" OPTIONS-request to
			determine CORS settings. `max-age` defines how long the result should
			be cached for. Defaults to `1728000` (20 days)

			\|`http.cors.allow-methods` \|Which methods to allow. Defaults to
			`OPTIONS, HEAD, GET, POST, PUT, DELETE`.

			\|`http.cors.allow-headers` \|Which headers to allow. Defaults to
			`X-Requested-With, Content-Type, Content-Length`.

CORS: Allowed to configure allow-credentials header to work via SSL This adds support to return the "Access-Control-Allow-Credentials" header if needed, so CORS will work flawlessly with authenticated applications. Closes #6380 2014-08-05 11:31:33 -04:00			\|`http.cors.allow-credentials` \| Whether the `Access-Control-Allow-Credentials`
			`header should be returned. Note: This header is only returned, when the setting is`
			set to `true`. Defaults to `false`

Document http.cors-settings 2013-12-06 06:37:48 -05:00
Migrated documentation into the main repo 2013-08-28 19:24:34 -04:00			`\|=======================================================================`

[DOCS] Multiple doc fixes Closes #5047 2014-03-07 08:21:45 -05:00			`It also uses the common`
Migrated documentation into the main repo 2013-08-28 19:24:34 -04:00			`<<modules-network,network settings>>.`

			`[float]`
			`=== Disable HTTP`

			`The http module can be completely disabled and not started by setting`
			`http.enabled` to `false`. This make sense when creating non
			`<<modules-node,data nodes>> which accept HTTP`
			`requests, and communicate with data nodes using the internal`
			`<<modules-transport,transport>>.`