es集群,证书命令

原创:elasticsearch01/26/2021发布pv:0uv:0ip:0twitter #elasticsearch

原文地址:https://www.douyacun.com/article/380ad1f8bc460727aeb7435f7ef98cdb

ES初始化密码

./elasticsearch-setup-passwords interactive

ES开启密码校验

xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true

ES(7.*)集群配置

path.data: /data/elasticsearch/data
path.logs: /data/elasticsearch/logs

# 集群名称,节点集群名称必须一样
cluster.name: douyacun
# 节点id,唯一
node.name: node-2
# 限制客户端IP地址
network.bind_host: 0.0.0.0
# 集群节点连接IP
network.publish_host: 116.196.69.34
# http端口
http.port: 9200
# 集群节点之间 TCP 端口
transport.port: 9300
# 是否参加master节点选举
node.master: true
# 是否允许节点写数据
node.data: true
# 集群其他节点
discovery.seed_hosts: ["116.196.69.34:9300"]
# 允许选举master的节点
cluster.initial_master_nodes: ["node-2"]

ES集群密码,证书配置

生成证书

./bin/elasticsearch-certutil ca
./bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12

配置,elastic-certificates.p12 必须放在config目录下面

xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12

https证书,通过nginx代理服务器配置就可以了,不建议es配置https证书

Kibana设置ES账户密码

elasticsearch.username: "kibana"
elasticsearch.password: "密码"

完整配置

cluster.name: douyacun
path.data: /data/elasticsearch/data
path.logs: /data/elasticsearch/logs

bootstrap.memory_lock: true
network.bind_host: 0.0.0.0
network.publish_host: 116.196.69.34
http.port: 9200
transport.port: 9300
node.name: node-2
node.master: true
node.data: true
discovery.seed_hosts: ["116.196.69.34:9300"]
cluster.initial_master_nodes: ["node-2"]

xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12