Overview
Magento 2 relies on a compatible search engine such as OpenSearch for efficient catalog queries. Out of the box, OpenSearch enables security features like HTTPS/SSL and authentication, which can cause integration headaches in development or internal environments. This guide walks through disabling those security layers while keeping OpenSearch accessible only from localhost.
Quick Navigation
- Step 1: Install OpenSearch on Ubuntu
- Step 2: Disable the Security Plugin
- Step 3: Disable HTTPS (Use HTTP Only)
- Step 4: Restrict Access with the Firewall
- Step 5: Configure the Magento 2 Connection
Step 1: Install OpenSearch on Ubuntu
Install OpenSearch using your package manager or the official documentation:
sudo apt update && sudo apt install opensearch
Step 2: Disable the Security Plugin
Open the OpenSearch configuration file:
sudo nano /etc/opensearch/opensearch.yml
Add or update the following line:
plugins.security.disabled: true
Important: Disabling security is not recommended for production. Only use this approach in internal or development environments.
Step 3: Disable HTTPS (Use HTTP Only)
Edit /etc/opensearch/opensearch.yml again:
sudo nano /etc/opensearch/opensearch.yml
Set these values:
opensearch.ssl.http.enabled: false
opensearch.ssl.transport.enabled: false
http.port: 9200
network.host: localhost
Step 4: Restrict Access with the Firewall
Even with security disabled, you should lock down the port so only the local machine can reach OpenSearch:
sudo ufw allow from 127.0.0.1 to any port 9200
sudo ufw reload
Step 5: Configure the Magento 2 Connection
Point Magento 2 at the plain-HTTP OpenSearch instance:
- Log into the Magento Admin.
- Navigate to Stores > Configuration > Catalog > Catalog > Catalog Search.
- Select "OpenSearch" and enter:
- Hostname:
localhost - Port:
9200 - Protocol:
HTTP
- Hostname:
- Save the configuration.
Rebuild the catalog search index to confirm everything is wired up correctly:
php bin/magento indexer:reindex catalogsearch_fulltext
If the reindex completes without errors, Magento and OpenSearch are communicating as expected.
Turning off OpenSearch security simplifies setup in controlled, private environments. Always make sure these instances stay internal and unreachable from the public internet. For production deployments, implement full security measures including HTTPS and robust authentication.
If you need professional help managing your Magento or OpenSearch infrastructure, we at Private DevOps are here to assist.
Need help with this?
Our team handles this kind of work daily. Let us take care of your infrastructure.
Related Articles
How to Boost Magento 2 Performance in a Few Easy Steps
Magento 2 delivers incredible flexibility for eCommerce, but without proper optimization it can become sluggish. This guide walks through ten proven DevOps strategies to dramatically speed up your store, from PHP upgrades and full-page caching to Varnish, Redis, CDN configuration, and ongoing code audits.
MagentoHow to Upgrade Magento 2 from 2.4.7 to 2.4.8
Keeping Magento current is critical for security, performance, and compatibility. This step-by-step guide walks developers through upgrading from Magento 2.4.7 to 2.4.8, covering system requirements, pre-upgrade checks, Git workflow, Composer commands, and post-upgrade validation.
MagentoHow to Completely Disable "Compare Products" in Magento 2
Magento's built-in Compare Products feature can add unnecessary clutter and slow down page loads. This guide shows you how to fully remove it using layout XML overrides, CSS rules, and a quick CLI deploy -- keeping your storefront clean and fast.