$ zammad run rails r “Setting.set(‘es_user’, ‘’)”
$ zammad run rails r “Setting.set(‘es_password’, ‘’)”
When is this optional step necessary ?
So far I have not done this and zammad works. Is there a security risk in not doing this ? (Elastic has no open port to the outside).
Or is it only important if you want to access Elastic directly via the web ?
The mentioned settings are relevant if you have an elasticsearch that does not run on your local machine and / or requires authenticatiojn in general.
Please note that by default anyone with access to your elasticsearch node get put or pull data from your indices. This is potentially dangerous, if you don’t expose elasticsearch to the world, you should be fine.
You need these steps only if Elasticsearch is running on another host or if you need to access it from other sources than localhost.
You should check best practises for elasticsearch installation security from elastics documentation.
If you’re running on a default installation (so localhost only) you should be fine anyway.