ElasticSearch7.10的單機https訪問
參考資料-配置SSL、TLS以及HTTPS
1.設定Elastic密碼
這個首先是對ElasticSearch設定用戶密碼,在bin目錄下啟動ES實體
[~#bin]su choleen
[~#bin]./elasticsearch
啟動成功,在打開一個頁面,進入bin目錄,手動設定密碼,不然auto 自動生成密碼
[~#bin]./ elasticsearch-setup-passwords interactive
接下來提示:
Please confirm thta you would like to continue [y/N] y
然后后要為4個用戶分別設定密碼:elastic, kibana, logstash_system,beats_system,
我都是設定 admin123
2. 生成證書
- 生成p12密鑰
進入bin目錄,前提是ES實體啟動著
[~#bin]./elasticsearch-certutil ca
[~#bin]./elasticsearch-certutil cert --ca /home/software/elasticsearch-7.10.0/elastic-stack-ca.p12
[~#bin]vim ../config/elasticsearch.yml
- 生成證書
根據密鑰去生成證書,會產生新的檔案:elastic-certifiscates.p12,系統會提示輸入密碼,
- 當輸入證書和密鑰的密碼
在創建正書時輸入了密碼,完成后,啟動報錯,在bin目錄下可以這樣,輸入amdin123:
[~#bin]./elasticsearch-keystore add xpack.security.transport.ssl.keystore.secure_password0
[~#bin]./elasticsearch-keystore add xpack.security.transport.ssl.truststore.secure_password
[~#bin]./elasticsearch-keystore add xpack.security.http.ssl.keystore.secure_password
[~#bin]elasticsearch-keystore add xpack.security.http.ssl.truststore.secure_password
- enter鍵按下,沒有輸入密碼,留空
這樣生成了沒有主機名資訊的證書,意味著可以用于集群中的每一個點,注意,關閉主機名驗證,
- 放certificates證書到config目錄下
[~#config]mkdir certs
[~#config]mv elastic-certificates.p12 config/certs/
3. 配置elasticsearch.yml
http.cors.allow-origin: "*"
http.cors.enabled: true
http.cors.allow-headers: Authorization
#https to access way
xpack.security.enabled: true
xpack.security.http.ssl.keystore.path: certs/elastic-certificate.p12
xpack.security.http.ssl.truststore.path: certs/elastic-certificate.p12
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: certs/elastic-certificate.p12
xpack.security.transport.ssl.truststore.path: certs/elastic-certificate.p12
4. 重啟ES實體
當看到這個,說明證書啟動成功,有效,
5. Kibana的證書
在elasticsearch7.10的根目錄,有elastic-stack-ca.p12 密鑰,我們可以生成es所屬產品可用的證書
[~#elasticsearch-7.10.0] openssl pkcs12 -in elastic-stack-ca.p12 -out newfile.crt.pem -clcerts -nokeys
這里都有描述,生成的newfiel.crt.pem檔案,可以給kibnana、filebeat使用,復制到對應的config目錄,
根據圖片,還需要再kibana的組態檔中,寫入用戶和密碼
elasticsearch.hosts: ["https://127.0.0.0:9200"] # 注意https
elasticsearch.ssl.verificationMode: none
elasticsearch.ssl.certificateAuthorities: ["/usr/local/kibana-7.10.0-linux-x86_64/config/newfile.crt.pem"]
elasticsearch.username: "kibana"
elasticsearch.password: "admin123"
這樣先啟動es,再啟動kibana,就可以登錄,輸入用戶名,密碼,就可以了,
6. URL登錄
輸入elastic,admin123
7. linux上訪問node1
參看博客:https://www.cnblogs.com/ssqq5200936/p/10815200.html
- 查詢索引
curl -k -u elastic:admin123 'https://192.168.246.130:9200/_cat/indices?v'
- 查詢映射
curl -k -u elastic:admin123 -XGET -H "Content-Type:application/json" 'https://192.168.246.130:9200/test?pretty'
pretty,格式化
映射查詢
curl -k -u elastic:admin123 -XGET -H "Content-Type:application/json" 'https://192.168.246.130:9200/test/_mapping?pretty'
轉載請註明出處,本文鏈接:https://www.uj5u.com/qita/237604.html
標籤:其他