zoukankan      html  css  js  c++  java
  • Elasticsearch 开启安全认证

    Elasticsearch 的安全认证可以有两种方式实现,第一种是使用xpack的安全认证功能,另外一种是借助Nginx来实现安全认证,下面对两种方式做简要介绍。

    使用Elasticsearch自带的安全认证功能

    elasticsearch.yml增加安全认证的配置,示例如下:

    cluster.name: my-application
    node.name: node-1
    path.data: /data/elasticsearch/path/to/data
    path.logs: /data/elasticsearch/path/to/logs
    network.host: 0.0.0.0
    http.port: 9200
    discovery.zen.ping.unicast.hosts: ["172.31.6.21"]
     
     
    # 开启安全认证
    http.cors.enabled: true
    http.cors.allow-origin: "*"
    http.cors.allow-headers: Authorization
    xpack.security.enabled: true
    xpack.security.transport.ssl.enabled: true

    使用Nginx实现Elasticsearch的安全认证

    创建用于基本身份验证的nginx帐户

    htpasswd -c /etc/nginx/htpasswd.users kibanauser

    按下 Enter 键后,系统会提示我们输入并验证用户密码

    $ htpasswd -c /etc/nginx/htpasswd.users kibanauser
    New password: 
    Re-type new password: 
    Adding password for user kibanauser

    修改nginx.conf配置

    upstream elasticsearch {
        server 127.0.0.1:9200;
        keepalive 15;
      }
     
      upstream kibana {
        server 127.0.0.1:5601;
        keepalive 15;
      }
     
      server {
        listen 8881;
     
        location / {
          auth_basic "Restricted Access";
          auth_basic_user_file /etc/nginx/htpasswd.users;
     
     
          proxy_pass http://elasticsearch;
          proxy_redirect off;
          proxy_buffering off;
     
          proxy_http_version 1.1;
          proxy_set_header Connection "Keep-Alive";
          proxy_set_header Proxy-Connection "Keep-Alive";
        }
     
      }
     
      server {
        listen 8882;
     
        location / {
          auth_basic "Restricted Access";
          auth_basic_user_file /etc/nginx/htpasswd.users;
     
          proxy_pass http://kibana;
          proxy_redirect off;
          proxy_buffering off;
     
          proxy_http_version 1.1;
          proxy_set_header Connection "Keep-Alive";
          proxy_set_header Proxy-Connection "Keep-Alive";
        }
      }

    重启Nginx服务,验证即可

    参考文档

    https://elasticstack.blog.csdn.net/article/details/112213364

  • 相关阅读:
    第十九章:UTC time和local time的互换
    第二十章:安全性
    第十三章:基于socket.io实现即时通信
    第三章:ionic环境搭建之windows篇
    第十八章:自定义splash screen、app icon和tab icon
    第十七章:使用media插件来播放声音
    第一章:hybrid app开发之技术选型
    第十六章:自定义push notification sound
    第十五章:集成JPUSH
    ionic resources
  • 原文地址:https://www.cnblogs.com/libin2015/p/15637368.html
Copyright © 2011-2022 走看看