安装searc guard参考 https://www.cnblogs.com/minseo/p/10576126.html
安装elasticsearch-head参考 https://www.cnblogs.com/minseo/p/9117470.html
安装了search guard以后再安装elasticsearch-head 完整的elasticsearch配置如下
cluster.name: my-elk node.name: test-es-kibana-03 path.data: /data/es-data path.logs: /var/log/elasticsearch network.host: 172.16.20.13 http.port: 9200 #集群个节点IP地址,也可以使用els、els.shuaiguoxia.com等名称,需要各节点能够解析 #discovery.zen.ping.unicast.hosts: ["172.16.20.12","172.16.20.13"] #集群节点数 #discovery.zen.minimum_master_nodes: 2 #增加参数,使head插件可以访问es http.cors.enabled: true http.cors.allow-origin: "*"
#允许跨域头,不能像其他参考文件只写Authorization要写全 http.cors.allow-headers: Authorization,X-Requested-With,Content-Length,Content-Type searchguard.ssl.transport.pemcert_filepath: key/node-certificates/CN=IP-172.16.20.13.crtfull.pem searchguard.ssl.transport.pemkey_filepath: key/node-certificates/CN=IP-172.16.20.13.key.pem searchguard.ssl.transport.pemkey_password: c4ab466ad5273161b7cd searchguard.ssl.transport.pemtrustedcas_filepath: key/chain-ca.pem searchguard.ssl.transport.enforce_hostname_verification: false searchguard.ssl.http.enabled: true searchguard.ssl.http.pemcert_filepath: key/node-certificates/CN=IP-172.16.20.13.crtfull.pem searchguard.ssl.http.pemkey_filepath: key/node-certificates/CN=IP-172.16.20.13.key.pem searchguard.ssl.http.pemkey_password: c4ab466ad5273161b7cd searchguard.ssl.http.pemtrustedcas_filepath: key/chain-ca.pem searchguard.authcz.admin_dn: - CN=sgadmin searchguard.audit.type: internal_elasticsearch searchguard.enable_snapshot_restore_privilege: true searchguard.check_snapshot_restore_write_privileges: true searchguard.restapi.roles_enabled: ["sg_all_access"] cluster.routing.allocation.disk.threshold_enabled: false node.max_local_storage_nodes: 3 xpack.security.enabled: false
head的Gruntfile.js 配置不变
vim _site/app.js配置如下修改增加认证
访问head也需要增加认证地址为
http://172.16.20.13:9100/?auth_user=admin&auth_password=admin
点击连接出现认证报错,原因是浏览器阻止了,可以使用链接新开一个浏览器打开一遍即可
https://admin:admin@172.16.20.13:9200/
最后显示效果如下
