Contact UsTry it for free
© 2026 Direct Cursus Technology L.L.C.

Connecting to an OpenSearch cluster from applications

Written by
Updated at March 5, 2026

This section provides settings for connecting to Managed Service for OpenSearch cluster hosts using command line tools, OpenSearch Dashboards, and from a Docker container. To learn how to connect from your application code, see Code examples.

Command line tools

To see code examples with the host FQDN filled in, open the cluster page in the management console and click Connect.

Linux (Bash)

curl \
    --user admin:<password> \
    --cacert ~/.opensearch/root.crt \
    --request GET 'https://<FQDN_of_OpenSearch_host_with_DATA_role>:9200/'

To learn how to get a host FQDN, see this guide.

Windows (PowerShell)

curl `
  -Certificate <absolute_path_to_certificate_file> `
  -Uri https://<FQDN_of_OpenSearch_host_with_DATA_role>:9200 `
  -Credential admin

To learn how to get a host FQDN, see this guide.

Connecting to OpenSearch Dashboards

You can connect to OpenSearch Dashboards:

  • Over the internet, if public access is enabled for a host with the DASHBOARDS role.
  • From a VM in Yandex Cloud, if public access is not enabled for any of your hosts with the DASHBOARDS role.

  1. Install the SSL certificate in your browser's store of trusted root certificates (see the instructions for Mozilla Firefox here).

  2. On the cluster page in the management console, click OpenSearch Dashboards or go to https://c-<cluster_ID>.rw.mdb.yandexcloud.net in your browser.

    You can get the cluster ID with the list of clusters in the folder.

  3. Enter admin for the username and the password you set when creating the cluster.

  1. Create a Linux VM in the same virtual network as the cluster.

  2. Connect to the VM over SSH.

  3. Install the dependencies:

    sudo apt update && \
sudo apt install --yes nginx ssl-cert

  4. Copy the downloaded SSL certificate to the /etc/nginx/ directory:

    sudo cp ~/.opensearch/root.crt /etc/nginx/root.crt

  5. Edit the NGINX default configuration file, for example, like this:

    /etc/nginx/sites-available/default

    upstream os-dashboards-nodes {
   server <FQDN_of_host_1_with_DASHBOARDS_role>:443;
   ...
   server <FQDN_of_host_N_with_DASHBOARDS_role>:443;
}

server {
   listen 443 ssl;

   ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
   ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;

   server_name _;

   location / {

       proxy_pass https://os-dashboards-nodes;

       proxy_ssl_trusted_certificate /etc/nginx/root.crt;
       proxy_ssl_session_reuse on;
   }
}

    Warning

    This configuration file example uses a self-signed snakeoil certificate from the ssl-cert package. It is not safe to use this certificate in a real cluster. Instead, specify the path to your public and private SSL certificate keys in the ssl_certificate and ssl_certificate_key directives.

  6. Restart NGINX:

    sudo systemctl restart nginx

  7. Add the certificate specified in the ssl_certificate directive to the browser's trusted root certificate store (see the instructions for Mozilla Firefox here).

  8. In your browser, go to https://<VM_public_IP_address>.

  9. Enter the username and password for the admin user.

Note

When using the OpenSearch Dashboards API:

  • To send requests, use 443 instead of the standard port 5601.
  • To use the API, add the SSL certificate path to your application's configuration.

Before you connect from a Docker container

To connect to a Managed Service for OpenSearch cluster from a Docker container, add the following lines to the Dockerfile:

RUN apt-get update && \
    apt-get install curl --yes

RUN apt-get update && \
    apt-get install wget curl --yes && \
    mkdir --parents ~/.opensearch && \
    wget "https://storage.yandexcloud.net/cloud-certs/CA.pem" \
         --output-document ~/.opensearch/root.crt && \
    chmod 0600 ~/.opensearch/root.crt
Previous
FQDNs of hosts
Next
Code examples