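Enabling X-Pack security and client SSL on Elasticsearch 6.8.0
Starting with Elasticsearch 6.8.0, some of the security and authentication features are available for free.
Download
Kibana version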
https://www.elastic.co/cn/downloads/past-releases/kibana-6-8-0
Elasticsearch version
https://www.elastic.co/cn/downloads/past-releases/elasticsearch-6-8-0
Configuration:
Step 1: Configure Elasticsearch
1. Generate the certificates for inter-node communication
bin/elasticsearch-certutil cert ca --pem --out config/cert.zip
2. Unzip the certificates
unzip cert.zip
3. Configure Elasticsearch
Open the Elasticsearch configuration file: elasticsearch.yml
Add at the bottom:
xpack.security.enabled: true
## Encrypted communication between nodes
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.key: instance/instance.key
xpack.security.transport.ssl.certificate: instance/instance.crt
xpack.security.transport.ssl.certificate_authorities: ca/ca.crt
4. Start Elasticsearch
bin/elasticsearch &
5. Set the passwords
bin/elasticsearch-setup-passwords auto
The command prints the generated passwords.
Record these passwords.
6. Configure Kibana
Open the Kibana configuration file
Enable these settings:
server.port: 5601
server.host: "127.0.0.1"
elasticsearch.hosts: ["http://127.0.0.1:9200"]
kibana.index: ".kibana"
## Password of the kibana user generated earlier in Elasticsearch
elasticsearch.username: "kibana"
elasticsearch.password: "SA4RKa3QOmVD8nMA6OUU"
## Certificate configuration for Elasticsearch
elasticsearch.ssl.certificate: /Users/beishan/elasticsearch/elasticsearch-6.8.0/config/instance/instance.crt
elasticsearch.ssl.key: /Users/beishan/elasticsearch/elasticsearch-6.8.0/config/instance/instance.key
## Whether to verify that the Elasticsearch certificate is valid
elasticsearch.ssl.verificationMode: none
7. Start Kibana
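8. Log in to Kibana as the superuser elastic
9. Notes
To enable SSL-encrypted communication for clients (not needed for now):
1. Add to elasticsearch.yml
## Encrypted client communication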
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.key: instance/instance.key
xpack.security.http.ssl.certificate: instance/instance.crt
xpack.security.http.ssl.certificate_authorities: ca/ca.crt
2. In kibana.yml, change elasticsearch.hosts to https
elasticsearch.hosts: ["https://127.0.0.1:9200"]
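3. Request a LAN domain name that maps to the specific IP, and add the client SSL certificate to the client JVM's list of trusted certificates so that Java clients can connect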
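The Kibana side of the HTTPS setup in the notes above, shown as an added example that is not part of the original post: the weak verification setting from step 6 next to a corrected one. It assumes ca/ca.crt from cert.zip was unpacked into the same config directory as instance/, and the password is a placeholder.

```yaml
# kibana.yml: Kibana -> Elasticsearch over HTTPS (added example, not from the original post)
elasticsearch.hosts: ["https://127.0.0.1:9200"]
elasticsearch.username: "kibana"
elasticsearch.password: "<kibana-user-password>"   # placeholder, use the value printed in step 5

# Weak (as in step 6): traffic is encrypted, but Kibana accepts any certificate,
# so it cannot tell the real node from something answering in its place.
# elasticsearch.ssl.verificationMode: none

# Corrected: trust only certificates signed by the CA generated in step 1.
# Assumed path: ca/ca.crt unpacked next to instance/ in the config directory.
elasticsearch.ssl.certificateAuthorities: ["/Users/beishan/elasticsearch/elasticsearch-6.8.0/config/ca/ca.crt"]

# "certificate" checks that the node certificate chains to the CA above,
# but does not check the host name.
# "full" additionally checks the host name, so the node certificate must list
# the name or IP used in elasticsearch.hosts (the reason for the domain name
# mapping in note 3).
elasticsearch.ssl.verificationMode: certificate

# elasticsearch.ssl.certificate and elasticsearch.ssl.key identify Kibana to
# Elasticsearch; they play no part in verifying the node's certificate.
```

The same ca.crt is what a Java client needs in its truststore for note 3.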
References
Official documentation:
Elasticsearch configuration
https://www.elastic.co/guide/en/elasticsearch/reference/6.8/configuring-tls.html#tls-http
Kibana configuration
https://www.elastic.co/guide/en/kibana/6.8/settings.html
Blog:
https://www.elastic.co/cn/blog/getting-started-with-elasticsearch-security