  • Enabling HTTPS access for Elasticsearch

    Steps on Elasticsearch

    Prerequisite: password authentication is already configured

    ./bin/elasticsearch-certutil ca # generates elastic-stack-ca.p12
    
    ./bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12 # generates elastic-certificates.p12, used by Elasticsearch
    
    openssl pkcs12 -in elastic-stack-ca.p12 -out newfile.crt.pem -clcerts -nokeys # generates newfile.crt.pem, used by Kibana and Filebeat; copy it into each one's directory
    
    ./bin/elasticsearch-certutil cert --pem elastic-stack-ca.p12 # generates certificate-bundle.zip, containing ca/ca.crt, instance/instance.crt and instance/instance.key
        Archive:  certificate-bundle.zip
           creating: ca/
          inflating: ca/ca.crt               
           creating: instance/
          inflating: instance/instance.crt   
          inflating: instance/instance.key 
    
    
    

    Changes to elasticsearch.yml

    xpack.security.enabled: true
    
    xpack.security.http.ssl.enabled: true
    xpack.security.http.ssl.keystore.path: /home/vdb1/new_es/elasticsearch-7.3.0/config/elastic-certificates.p12
    xpack.security.http.ssl.truststore.path: /home/vdb1/new_es/elasticsearch-7.3.0/config/elastic-certificates.p12
    
    xpack.security.transport.ssl.enabled: true
    xpack.security.transport.ssl.verification_mode: certificate
    xpack.security.transport.ssl.keystore.path: /home/vdb1/new_es/elasticsearch-7.3.0/config/elastic-certificates.p12
    xpack.security.transport.ssl.truststore.path: /home/vdb1/new_es/elasticsearch-7.3.0/config/elastic-certificates.p12
    

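    Steps on Kibana

    Changes to kibana.yml

    elasticsearch.hosts: ["https://localhost:9200"] # note the https scheme
    # none skips verification of the server certificate, so the CA file below is not checked; "certificate" or "full" enforces it
    elasticsearch.ssl.verificationMode: none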
    elasticsearch.ssl.certificateAuthorities: ["/home/vdb1/new_es/kibana-7.3.0/config/newfile.crt.pem"]
    
    elasticsearch.username: "kibana"
    elasticsearch.password: "1io0K4VS7nkxpGwGwzHg"
    

    Steps on Filebeat

    Changes to filebeat.yml

    Note: method 1 and method 2 use different certificate files; see the steps above for how each one is generated

    # Method 1
    output.elasticsearch:
      hosts: ["localhost:9200"]
      protocol: "https"
      ssl.verification_mode: none
      ssl.certificate_authorities: ["/home/vdb1/new_es/filebeat-7.3.0-linux-x86_64/newfile.crt.pem"]
      username: "elastic"
      password: "x8w2B6OcO3W"
    
    # Method 2
    output.elasticsearch:
      hosts: ["localhost:9200"]
      protocol: "https"
      ssl.verification_mode: none
      ssl.certificate_authorities: ["/home/vdb1/new_es/filebeat-7.3.0-linux-x86_64/ca.crt"]
      username: "elastic"
      password: "x8w2B6ObcO3W"
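
The kibana.yml and both filebeat.yml variants above set verification to none, which keeps the connection encrypted but skips the check of the server certificate against the configured CA file. The following audit is an added example, not part of the original post: it flags that combination, and passwords written as literals, in a kibana.yml or filebeat.yml. The sample config, its path and password are constructed placeholders, and `audit_tls_settings` is a hypothetical helper name.

```python
import re

# Constructed sample in the filebeat.yml layout shown on this page;
# the CA path and the password are placeholders, not the page's values.
SAMPLE_FILEBEAT_YML = """\
output.elasticsearch:
  hosts: ["localhost:9200"]
  protocol: "https"
  ssl.verification_mode: none
  ssl.certificate_authorities: ["/path/to/newfile.crt.pem"]
  username: "elastic"
  password: "EXAMPLE-PLACEHOLDER"
"""

# "key: value" on one line; covers dotted keys (kibana.yml) and nested ones.
SETTING = re.compile(r"^\s*([A-Za-z_.]+)\s*:\s*(.*?)\s*$")


def audit_tls_settings(text):
    """Return (line_no, finding) tuples for a kibana.yml or filebeat.yml text."""
    findings = []
    verify_off_line = None   # where verification is switched off, if anywhere
    ca_configured = False
    for no, raw in enumerate(text.splitlines(), start=1):
        match = SETTING.match(raw.split(" #", 1)[0])   # ignore trailing comments
        if not match:
            continue
        value = match.group(2).strip("\"'")
        # Normalise verification_mode / verificationMode to one spelling.
        leaf = match.group(1).rsplit(".", 1)[-1].lower().replace("_", "")
        if leaf == "verificationmode" and value.lower() == "none":
            verify_off_line = no
            findings.append((no, "certificate verification disabled"))
        elif leaf == "certificateauthorities" and value not in ("", "[]"):
            ca_configured = True
        elif leaf == "password" and value and not value.startswith("${"):
            # ${NAME} is a variable/keystore reference, not a literal secret.
            findings.append((no, "password stored as a literal"))
    if verify_off_line and ca_configured:
        findings.append((verify_off_line, "CA file configured but never checked"))
    return findings


if __name__ == "__main__":
    for no, finding in audit_tls_settings(SAMPLE_FILEBEAT_YML):
        print(f"line {no}: {finding}")
```
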
    
  • Original article: https://www.cnblogs.com/sanduzxcvbnm/p/12654166.html