Elastic 安全配置 開啟xpack

1、生成證書

bin/elasticsearch-certutil ca
bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12
mv bin/elastic-certificates.p12 config/
mv bin/elastic-stack-ca.p12 config/

2、編輯elasticsearch.yml
開啟xpack

xpack.security.enabled: true

3、開啟集群中https傳輸

xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12

4、開啟api接口https傳輸

xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: elastic-certificates.p12
xpack.security.http.ssl.truststore.path: elastic-certificates.p12

xpack.security.http.ssl.client_authentication: none
xpack.ssl.verification_mode: none

5、自動(dòng)生成密碼

bin/elasticsearch-setup-passwords auto

6、配置kibana.yml
因?yàn)殚_啟了elastic https傳輸所以要把http改為https

elasticsearch.hosts: ["https://localhost:9200"]

配置剛剛生成的kibana用戶名和密碼，否則啟動(dòng)kibana會(huì)報(bào)錯(cuò)

elasticsearch.username: "kibana"
elasticsearch.password: "puVIrhabjDNOMFCybZZj"

ssl證書認(rèn)證為none

elasticsearch.ssl.verificationMode: none