Elastic安全配置开启xpack

1、生成证书

创新互联是一家专注于成都网站设计、做网站与策划设计,石景山网站建设哪家好?创新互联做网站,专注于网站建设十余年,网设计领域的专业建站公司;建站业务涵盖:石景山等地区。石景山做网站价格咨询:18980820575

bin/elasticsearch-certutil ca
bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12
mv bin/elastic-certificates.p12 config/
mv bin/elastic-stack-ca.p12 config/

2、编辑elasticsearch.yml
开启xpack

xpack.security.enabled: true

3、开启集群中https传输

xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12

4、开启api接口https传输

xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: elastic-certificates.p12
xpack.security.http.ssl.truststore.path: elastic-certificates.p12

xpack.security.http.ssl.client_authentication: none
xpack.ssl.verification_mode: none

5、自动生成密码

bin/elasticsearch-setup-passwords auto

6、配置kibana.yml
因为开启了elastic https传输所以要把http改为https

elasticsearch.hosts: ["https://localhost:9200"]

配置刚刚生成的kibana用户名和密码,否则启动kibana会报错

elasticsearch.username: "kibana"
elasticsearch.password: "puVIrhabjDNOMFCybZZj"

ssl证书认证为none

elasticsearch.ssl.verificationMode: none

本文标题:Elastic安全配置开启xpack
转载源于:http://ybzwz.com/article/pdsjeg.html