Connect ElasticSearch through SSL


At UAMx (OpenEdx for Universidad Autónoma de Madrid) we are running an instance of OpenEdx through tutor, with the databases as services installed natively in another server.

The problem is that I cannot connect to ElasticSearch through SSL from within a docker instance, because we need to pass ssl credentials and I don’t know how to pass them to docker.

The objective is to replicate a connection like in Install Elasticsearch with RPM | Elasticsearch Guide [8.11] | Elastic were the cert is pass to curl as a file.

The question can be: were should I put http_ca.crt to enable SSL connections in ElasticSearch?

Thanks very much in advance

In edx-platform, all connections to Elasticsearch happen through the edx-search package. This package creates an Elasticsearch client based on the ELASTIC_SEARCH_CONFIG setting.

Thus, you need to modify the ELASTIC_SEARCH_CONFIG setting to load the certificates from somewhere. If you run Open edX with tutor local, then you should bind-mount the certificates in the lms, cms, lms-worker and cms-worker containers. To do so, you should create a docker-compose.override.yml file.

I haven’t actually implemented this myself, but in theory it should work.

Thanks @regis for your quick response. I am trying to set the ELASTIC_SEARCH_CONFIG through a tutor plugin with the openedx-common-settings patch, but it seems to be overriden with the settings in config.yml

I have to make some more tests, as this is my first approach. I will keep my advances posted here


I finally managed to connect to an external ElasticSearch removing the SSL security, and as the servers are encapsulated in a secure environent it is perfectly valid. So, no need to modify the ELASTIC_SEARCH_CONFIG or the docker-compose.override.yml :slight_smile:

Althought I had to install exactly the same ElasticSearch version as the docker container. With the last ES version tutor fail creating indexes.

Thanks for the help!

Hello, I want to do the same work as you did. I want to separate Elasticsearch service to another server to reduce memory burden by Elasticsearch service. I wonder where I can get the ELASTIC_SEARCH_CONFIG information which can be used to set up an external Elasticsearch server. Thanks very much in advance

Hi @jdpark7

To externalize ElasticSearch I just followed the instructions on offloading data storage, which basically reflects in setting the following in your config.yml:


There are more variables you can set, check the ElasticSearch tutor configuration documentation.

In my case, there’s no need to modify ELASTIC_SEARCH_CONFIG. Whatever extra configuration you may need you should do it in the external service itself.

Hope this will help you

1 Like