2013-08-28 19:24:34 -04:00
[[modules-http]]
2020-06-01 12:22:55 -04:00
=== HTTP
2020-07-02 19:40:45 -04:00
[[modules-http-description]]
// tag::modules-http-description-tag[]
2020-08-13 08:06:09 -04:00
The HTTP layer exposes {es}'s REST APIs over HTTP. Clients send HTTP requests
to a node in the cluster which either handles it locally or else passes it on
to other nodes for further processing using the <<modules-transport,Transport
layer>>.
2013-08-28 19:24:34 -04:00
2020-08-13 08:06:09 -04:00
When possible, consider using {wikipedia}/Keepalive#HTTP_Keepalive[HTTP keep
alive] when connecting for better performance and try to get your favorite
client not to do {wikipedia}/Chunked_transfer_encoding[HTTP chunking].
2020-07-02 19:40:45 -04:00
// end::modules-http-description-tag[]
2013-08-28 19:24:34 -04:00
2020-06-01 12:22:55 -04:00
[http-settings]
==== HTTP settings
2013-08-28 19:24:34 -04:00
2020-07-02 19:40:45 -04:00
The following settings can be configured for HTTP. These settings also use the common <<modules-network,network settings>>.
NOTE: HTTP settings cannot be updated dynamically. You must configure these settings in the {es} <<settings, configuration file>>
and restart {es} for changes to take effect.
2013-08-28 19:24:34 -04:00
2020-07-02 19:40:45 -04:00
`http.port`::
A bind port range. Defaults to `9200-9300`.
2013-08-28 19:24:34 -04:00
2020-07-02 19:40:45 -04:00
`http.publish_port`::
The port that HTTP clients should use when
2014-12-07 10:56:47 -05:00
communicating with this node. Useful when a cluster node is behind a
proxy or firewall and the `http.port` is not directly addressable
from the outside. Defaults to the actual port assigned via `http.port`.
2020-07-02 19:40:45 -04:00
`http.bind_host`::
The host address to bind the HTTP service to. Defaults to `http.host` (if set) or `network.bind_host`.
2014-10-17 09:01:21 -04:00
2020-07-02 19:40:45 -04:00
`http.publish_host`::
The host address to publish for HTTP clients to connect to. Defaults to `http.host` (if set) or `network.publish_host`.
2014-10-17 09:01:21 -04:00
2020-07-02 19:40:45 -04:00
`http.host`::
Used to set the `http.bind_host` and the `http.publish_host`.
2013-08-28 19:24:34 -04:00
2020-07-02 19:40:45 -04:00
`http.max_content_length`::
The max content of an HTTP request. Defaults to `100MB`.
2013-08-28 19:24:34 -04:00
2020-07-02 19:40:45 -04:00
`http.max_initial_line_length`::
The max length of an HTTP URL. Defaults to `4KB`.
2015-04-27 09:58:21 -04:00
2020-07-02 19:40:45 -04:00
`http.max_header_size`::
The max size of allowed headers. Defaults to `8KB`.
2015-04-27 09:58:21 -04:00
2020-07-02 19:40:45 -04:00
[[http-compression]]
// tag::http-compression-tag[]
`http.compression` {ess-icon}::
Support for compression when possible (with Accept-Encoding). If HTTPS is enabled, defaults to `false`. Otherwise, defaults to `true`.
+
2020-05-20 12:12:05 -04:00
Disabling compression for HTTPS mitigates potential security risks, such as a
2020-08-17 11:27:04 -04:00
{wikipedia}/BREACH[BREACH attack]. To compress HTTPS traffic,
2020-05-20 12:12:05 -04:00
you must explicitly set `http.compression` to `true`.
2020-07-02 19:40:45 -04:00
// end::http-compression-tag[]
2013-08-28 19:24:34 -04:00
2020-07-02 19:40:45 -04:00
`http.compression_level`::
Defines the compression level to use for HTTP responses. Valid values are in the range of 1 (minimum compression) and 9 (maximum compression). Defaults to `3`.
2013-12-06 06:37:48 -05:00
2020-07-02 19:40:45 -04:00
[[http-cors-enabled]]
// tag::http-cors-enabled-tag[]
`http.cors.enabled` {ess-icon}::
Enable or disable cross-origin resource sharing, which determines whether a browser on another origin can execute requests against {es}. Set to `true` to enable {es} to process pre-flight
2020-08-17 11:27:04 -04:00
{wikipedia}/Cross-origin_resource_sharing[CORS] requests.
2020-07-02 19:40:45 -04:00
{es} will respond to those requests with the `Access-Control-Allow-Origin` header if the `Origin` sent in the request is permitted by the `http.cors.allow-origin` list. Set to `false` (the default) to make {es} ignore the `Origin` request header, effectively disabling CORS requests because {es} will never respond with the `Access-Control-Allow-Origin` response header.
+
NOTE: If the client does not send a pre-flight request with an `Origin` header or it does not check the response headers from the server to validate the
2020-06-01 12:22:55 -04:00
`Access-Control-Allow-Origin` response header, then cross-origin security is
2020-07-02 19:40:45 -04:00
compromised. If CORS is not enabled on {es}, the only way for the client to know is to send a pre-flight request and realize the required response headers are missing.
// end::http-cors-enabled-tag[]
2013-12-06 06:37:48 -05:00
2020-07-02 19:40:45 -04:00
[[http-cors-allow-origin]]
// tag::http-cors-allow-origin-tag[]
`http.cors.allow-origin` {ess-icon}::
Which origins to allow. If you prepend and append a forward slash (`/`) to the value, this will be treated as a regular expression, allowing you to support HTTP and HTTPs. For example, using `/https?:\/\/localhost(:[0-9]+)?/` would return the request header appropriately in both cases. Defaults to no origins allowed.
+
IMPORTANT: A wildcard (`*`) is a valid value but is considered a security risk, as your {es} instance is open to cross origin requests from *anywhere*.
2013-12-06 06:37:48 -05:00
2020-07-02 19:40:45 -04:00
// end::http-cors-allow-origin-tag[]
2013-12-06 06:37:48 -05:00
2020-07-02 19:40:45 -04:00
[[http-cors-max-age]]
// tag::http-cors-max-age-tag[]
`http.cors.max-age` {ess-icon}::
Browsers send a "preflight" OPTIONS-request to determine CORS settings. `max-age` defines how long the result should be cached for. Defaults to `1728000` (20 days).
// end::http-cors-max-age-tag[]
2013-12-06 06:37:48 -05:00
2020-07-02 19:40:45 -04:00
[[http-cors-allow-methods]]
// tag::http-cors-allow-methods-tag[]
`http.cors.allow-methods` {ess-icon}::
Which methods to allow. Defaults to `OPTIONS, HEAD, GET, POST, PUT, DELETE`.
// end::http-cors-allow-methods-tag[]
2013-12-06 06:37:48 -05:00
2020-07-02 19:40:45 -04:00
[[http-cors-allow-headers]]
// tag::http-cors-allow-headers-tag[]
`http.cors.allow-headers` {ess-icon}::
Which headers to allow. Defaults to `X-Requested-With, Content-Type, Content-Length`.
// end::http-cors-allow-headers-tag[]
2014-08-05 11:31:33 -04:00
2020-07-02 19:40:45 -04:00
[[http-cors-allow-credentials]]
// tag::http-cors-allow-credentials-tag[]
`http.cors.allow-credentials` {ess-icon}::
Whether the `Access-Control-Allow-Credentials` header should be returned. Defaults to `false`.
+
NOTE: This header is only returned when the setting is set to `true`.
2015-03-16 20:09:13 -04:00
2020-07-02 19:40:45 -04:00
// end::http-cors-allow-credentials-tag[]
2013-12-06 06:37:48 -05:00
2020-07-02 19:40:45 -04:00
`http.detailed_errors.enabled`::
If `true`, enables the output of detailed error messages and stack traces in the response output. Defaults to `true`.
+
If `false`, use the `error_trace` parameter to <<common-options-error-options,enable stack traces>> and return detailed error messages. Otherwise, only a simple message will be returned.
2018-04-13 05:55:33 -04:00
2020-07-02 19:40:45 -04:00
`http.pipelining.max_events`::
The maximum number of events to be queued up in memory before an HTTP connection is closed, defaults to `10000`.
2018-04-13 05:55:33 -04:00
2020-07-02 19:40:45 -04:00
`http.max_warning_header_count`::
The maximum number of warning headers in client HTTP responses. Defaults to `unbounded`.
2013-08-28 19:24:34 -04:00
2020-07-02 19:40:45 -04:00
`http.max_warning_header_size`::
The maximum total size of warning headers in client HTTP responses. Defaults to `unbounded`.
2020-02-07 03:03:20 -05:00
2020-07-28 04:14:56 -04:00
`http.tcp.no_delay`::
2020-08-17 11:27:04 -04:00
Enable or disable the {wikipedia}/Nagle%27s_algorithm[TCP no delay]
2020-07-28 04:14:56 -04:00
setting. Defaults to `network.tcp.no_delay`.
`http.tcp.keep_alive`::
Configures the `SO_KEEPALIVE` option for this socket, which
determines whether it sends TCP keepalive probes.
Defaults to `network.tcp.keep_alive`.
`http.tcp.keep_idle`:: Configures the `TCP_KEEPIDLE` option for this socket, which
determines the time in seconds that a connection must be idle before
starting to send TCP keepalive probes. Defaults to `network.tcp.keep_idle`, which
uses the system default. This value cannot exceed `300` seconds. Only applicable on
Linux and macOS, and requires Java 11 or newer.
`http.tcp.keep_interval`:: Configures the `TCP_KEEPINTVL` option for this socket,
which determines the time in seconds between sending TCP keepalive probes.
Defaults to `network.tcp.keep_interval`, which uses the system default.
This value cannot exceed `300` seconds. Only applicable on Linux and macOS, and requires
Java 11 or newer.
`http.tcp.keep_count`:: Configures the `TCP_KEEPCNT` option for this socket, which
determines the number of unacknowledged TCP keepalive probes that may be
sent on a connection before it is dropped. Defaults to `network.tcp.keep_count`,
which uses the system default. Only applicable on Linux and macOS, and
requires Java 11 or newer.
`http.tcp.reuse_address`::
Should an address be reused or not. Defaults to `network.tcp.reuse_address`.
`http.tcp.send_buffer_size`::
The size of the TCP send buffer (specified with <<size-units,size units>>).
Defaults to `network.tcp.send_buffer_size`.
`http.tcp.receive_buffer_size`::
The size of the TCP receive buffer (specified with <<size-units,size units>>).
Defaults to `network.tcp.receive_buffer_size`.
2020-06-01 12:22:55 -04:00
[http-rest-request-tracer]
==== REST request tracer
2020-02-07 03:03:20 -05:00
2020-06-01 12:22:55 -04:00
The HTTP layer has a dedicated tracer logger which, when activated, logs incoming requests. The log can be dynamically activated
2020-02-07 03:03:20 -05:00
by setting the level of the `org.elasticsearch.http.HttpTracer` logger to `TRACE`:
[source,console]
--------------------------------------------------
PUT _cluster/settings
{
"transient" : {
"logger.org.elasticsearch.http.HttpTracer" : "TRACE"
}
}
--------------------------------------------------
You can also control which uris will be traced, using a set of include and exclude wildcard patterns. By default every request will be
traced.
[source,console]
--------------------------------------------------
PUT _cluster/settings
{
"transient" : {
"http.tracer.include" : "*",
"http.tracer.exclude" : ""
}
}
2020-07-02 19:40:45 -04:00
--------------------------------------------------