zoukankan      html  css  js  c++  java
  • Elasticsearch 开启安全认证

    Elasticsearch 的安全认证可以有两种方式实现,第一种是使用xpack的安全认证功能,另外一种是借助Nginx来实现安全认证,下面对两种方式做简要介绍。

    使用Elasticsearch自带的安全认证功能

    elasticsearch.yml增加安全认证的配置,示例如下:

    cluster.name: my-application
    node.name: node-1
    path.data: /data/elasticsearch/path/to/data
    path.logs: /data/elasticsearch/path/to/logs
    network.host: 0.0.0.0
    http.port: 9200
    discovery.zen.ping.unicast.hosts: ["172.31.6.21"]
     
     
    # 开启安全认证
    http.cors.enabled: true
    http.cors.allow-origin: "*"
    http.cors.allow-headers: Authorization
    xpack.security.enabled: true
    xpack.security.transport.ssl.enabled: true

    使用Nginx实现Elasticsearch的安全认证

    创建用于基本身份验证的nginx帐户

    htpasswd -c /etc/nginx/htpasswd.users kibanauser

    按下 Enter 键后,系统会提示我们输入并验证用户密码

    $ htpasswd -c /etc/nginx/htpasswd.users kibanauser
    New password: 
    Re-type new password: 
    Adding password for user kibanauser

    修改nginx.conf配置

    upstream elasticsearch {
        server 127.0.0.1:9200;
        keepalive 15;
      }
     
      upstream kibana {
        server 127.0.0.1:5601;
        keepalive 15;
      }
     
      server {
        listen 8881;
     
        location / {
          auth_basic "Restricted Access";
          auth_basic_user_file /etc/nginx/htpasswd.users;
     
     
          proxy_pass http://elasticsearch;
          proxy_redirect off;
          proxy_buffering off;
     
          proxy_http_version 1.1;
          proxy_set_header Connection "Keep-Alive";
          proxy_set_header Proxy-Connection "Keep-Alive";
        }
     
      }
     
      server {
        listen 8882;
     
        location / {
          auth_basic "Restricted Access";
          auth_basic_user_file /etc/nginx/htpasswd.users;
     
          proxy_pass http://kibana;
          proxy_redirect off;
          proxy_buffering off;
     
          proxy_http_version 1.1;
          proxy_set_header Connection "Keep-Alive";
          proxy_set_header Proxy-Connection "Keep-Alive";
        }
      }

    重启Nginx服务,验证即可

    参考文档

    https://elasticstack.blog.csdn.net/article/details/112213364

  • 相关阅读:
    一个小案例精通lamda表达式
    你想被开除吗?来看看程序员【离职小技巧】吧
    让 Flutter 在鸿蒙系统上跑起来
    “TensorFlow 开发者出道计划”全攻略,玩转社区看这里!
    环形单链表的增删改查、约瑟夫环两种解法
    一万字详解 Redis Cluster Gossip 协议
    Lambda表达式
    Linux系统中如何进入退出vim编辑器,方法及区别
    成为博客主的第一天
    【秋招内推】近期互联网公司秋招内推合集
  • 原文地址:https://www.cnblogs.com/libin2015/p/15637368.html
Copyright © 2011-2022 走看看