opensearch security is stupid

docker-compose.yml

@@ -31,7 +31,7 @@ services:
       - IMAGE_URL_ROOT=/img
       - BADGE_URL_ROOT=/badge-img
       - TAG_URL_ROOT=/tag-img
-      - OPENSEARCH_URL=https://admin:admin@opensearch:9200
+      - OPENSEARCH_URL=http://opensearch:9200
       - REDIS_HOST=valkey
       - DATABASE_URL=ecto://postgres:postgres@postgres/philomena_dev
       - CDN_HOST=localhost
@@ -72,10 +72,9 @@ services:
     image: opensearchproject/opensearch:2.14.0
     volumes:
       - opensearch_data:/usr/share/opensearch/data
+      - ./docker/opensearch/opensearch.yml:/usr/share/opensearch/config/opensearch.yml
     logging:
       driver: "none"
-    environment:
-      - discovery.type=single-node
     ulimits:
       nofile:
         soft: 65536

docker/app/run-development

@@ -38,7 +38,7 @@ npm install
 # if it's not done doing whatever it does yet
 echo -n "Waiting for OpenSearch"
 
-until wget --no-check-certificate -qO - https://admin:admin@opensearch:9200; do
+until wget --no-check-certificate -qO - http://opensearch:9200; do
   echo -n "."
   sleep 2
 done

docker/opensearch/opensearch.yml

@@ -0,0 +1,15 @@
+---
+cluster.name: docker-cluster
+
+# Bind to all interfaces because we don't know what IP address Docker will assign to us.
+network.host: 0.0.0.0
+
+# Setting network.host to a non-loopback address enables the annoying bootstrap checks. "Single-node" mode disables them again.
+discovery.type: single-node
+
+# Disable security. We don't need it for dev environment.
+# Also, whoever thought it's a GREAT IDEA TO ENFORCE SECURITY FEATURES
+# BY DEFAULT IN A FREAKING DOCKER CONTAINER should be forced to play
+# the password game every time they would like to create a new account
+# anywhere whatsoever.
+plugins.security.disabled: true