Elastic 安全配置 开启xpack

1、生成证书

bin/elasticsearch-certutil ca
bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12
mv bin/elastic-certificates.p12 config/
mv bin/elastic-stack-ca.p12 config/

2、编辑elasticsearch.yml
开启xpack

xpack.security.enabled: true

3、开启集群中https传输

xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12

4、开启api接口https传输

xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: elastic-certificates.p12
xpack.security.http.ssl.truststore.path: elastic-certificates.p12

xpack.security.http.ssl.client_authentication: none
xpack.ssl.verification_mode: none

5、自动生成密码

bin/elasticsearch-setup-passwords auto

6、配置kibana.yml
因为开启了elastic https传输所以要把http改为https

elasticsearch.hosts: ["https://localhost:9200"]

配置刚刚生成的kibana用户名和密码,否则启动kibana会报错

elasticsearch.username: "kibana"
elasticsearch.password: "puVIrhabjDNOMFCybZZj"

ssl证书认证为none

elasticsearch.ssl.verificationMode: none

你可能感兴趣的:(Elastic 安全配置 开启xpack)