ElasticSearch、kibana设置账户密码;ElasticSearch对外访问

文章目录

  • 前言
  • 1. 设置elasticsearch账户密码,并且允许外部访问
  • 2. 设置kibana账户密码
  • 3. logstash配置账号密码

前言

今天在linux服务器上搭建elasticsearch索引库,但这段时间正在搞护网行动,所以elasticsearch和kibana就不能裸奔了,所以这篇文章我写了如何设置账户密码

  • elasticsearch 使用版本7.6.2
  • kibana 使用版本7.6.2

1. 设置elasticsearch账户密码,并且允许外部访问

  • 生成CA证书 bin目录下执行
# 如果不配置证书的话启动elasticsearch会报这个错
io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: No available authentication scheme
 ./elasticsearch-certutil ca
 # 提示设置密码直接回车就行

ElasticSearch、kibana设置账户密码;ElasticSearch对外访问_第1张图片

cd ..
ls #这里在elasticsearch根目录已经可以看到 elastic-stack-ca.p12这个文件了

在这里插入图片描述

  • 然后使用刚刚生成的证书,生成p12秘钥 ,进入bin目录执行
./elasticsearch-certutil cert --ca /usr/local/elk/elasticsearch-7.6.2/elastic-stack-ca.p12
 # 提示设置密码直接回车就行

ElasticSearch、kibana设置账户密码;ElasticSearch对外访问_第2张图片
回到elasticsearch根目录,可以看到生成了elastic-certificates.p12这个文件
ElasticSearch、kibana设置账户密码;ElasticSearch对外访问_第3张图片

# 进入/elasticsearch
cd /config
mkdir certs
cp /usr/local/elk/elasticsearch-7.6.2/elastic-certificates.p12 certs #拷贝
  • 修改 elasticsearch.yml
# ------------------------------------ Node ------------------------------------
#
# Use a descriptive name for the node:
#
node.name: node-1
#
# Add custom attributes to the node:
#
#node.attr.rack: r1
#

# ---------------------------------- Network -----------------------------------
#
# Set the bind address to a specific IP (IPv4 or IPv6):
#
network.host: 0.0.0.0
#
# Set a custom port for HTTP:
#
http.port: 9200
#transport.host: localhost
#transport.tcp.port: 9300
#
# For more information, consult the network module documentation.
#
# ---------------------------------- Discovery -----------------------------------
cluster.initial_master_nodes: ["node-1"]

xpack.security.enabled: true
#xpack.licence.self_generated.type: basic
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12

修改完配置文件之后重新启动elasticsearch

./elasticsearch-setup-passwords interactive # 在elasticsearch/bin目录下执行该命令,设置密码

ElasticSearch、kibana设置账户密码;ElasticSearch对外访问_第4张图片
将elasticsearch的9200端口对外开放,这里我直接关闭防火墙

systemctl stop firewalld

下图所示,这里我外部已经可以访问9200了,并且访问需要账号密码

ElasticSearch、kibana设置账户密码;ElasticSearch对外访问_第5张图片
外部访问成功
ElasticSearch、kibana设置账户密码;ElasticSearch对外访问_第6张图片

2. 设置kibana账户密码

  • 编辑 kibana.yml
# The URLs of the Elasticsearch instances to use for all your queries.
elasticsearch.hosts: ["http://localhost:9200"]

# When this setting's value is true Kibana uses the hostname specified in the server.host
# setting. When the value of this setting is false, Kibana uses the hostname of the host
# that connects to this Kibana instance.
#elasticsearch.preserveHost: true

# Kibana uses an index in Elasticsearch to store saved searches, visualizations and
# dashboards. Kibana creates a new index if the index doesn't already exist.
#kibana.index: ".kibana"

# The default application to load.
#kibana.defaultAppId: "home"

# If your Elasticsearch is protected with basic authentication, these settings provide
# the username and password that the Kibana server uses to perform maintenance on the Kibana
# index at startup. Your Kibana users still need to authenticate with Elasticsearch, which
# is proxied through the Kibana server.
elasticsearch.username: "elastic"
elasticsearch.password: "123546"

重新启动kibana ,访问已经需要登录了
ElasticSearch、kibana设置账户密码;ElasticSearch对外访问_第7张图片

3. logstash配置账号密码

output {
  elasticsearch {
	hosts => ["http://127.0.0.1:9200"]
    user => "elastic"
    passwrod => "123456"
	index => "%{[fields][servicename]}-%{+yyyy.MM.dd}"
  }
}

你可能感兴趣的:(linux,Elasticsearch,elasticsearch,搜索引擎,大数据,linux,全文检索)