Windows ELK8 测试: filebeat8+kakfa+logstash8+elasticsearch8+kibana8 搭建日志系统(二)之加密
1、elasticsearch 配置xpack
2、重置下xpack 中的elastic用户密码**【重置前要先关闭http ssl认证】**
ELK\elasticsearch-8.14.3\bin>elasticsearch-reset-password.bat --username elastic -i
warning: ignoring JAVA_HOME=D:\byj\java\jdk-11.0.16; using bundled JDK
This tool will reset the password of the [elastic] user.
You will be prompted to enter the password.
Please confirm that you would like to continue [y/N]y
Enter password for [elastic]:
Re-enter password for [elastic]:
Password for the [elastic] user successfully reset.
3、重置下xpack 中的kibana用户密码**【重置前要先关闭http ssl认证】**
D:\byj\ELK\elasticsearch-8.14.3\bin>elasticsearch-reset-password.bat --username kibana_system -i
warning: ignoring JAVA_HOME=D:\byj\java\jdk-11.0.16; using bundled JDK
This tool will reset the password of the [kibana_system] user.
You will be prompted to enter the password.
Please confirm that you would like to continue [y/N]y
Enter password for [kibana_system]:
Re-enter password for [kibana_system]:
Password for the [kibana_system] user successfully reset.
4、启用xpack的所有安全功能
xpack.security.enrollment.enabled: true
是为kibana生成一键接入token 使用的,用处不大
5、生成kibana 密钥
elasticsearch-create-enrollment-token -s kibana
或者直接在kibana 配置文件中配置效果一样
elasticsearch.hosts: ["https://127.0.0.1:9200"]
# If your Elasticsearch is protected with basic authentication, these settings provide
# the username and password that the Kibana server uses to perform maintenance on the Kibana
# index at startup. Your Kibana users still need to authenticate with Elasticsearch, which
# is proxied through the Kibana server.
elasticsearch.username: "kibana_system"
elasticsearch.password: "123456"
elasticsearch.ssl.certificateAuthorities: ['elasticsearch-8.14.3\config\certs\http_ca.crt']
xpack.fleet.outputs: [{id: fleet-default-output, name: default, is_default: true, is_default_monitoring: true, type: elasticsearch, hosts: ['https://localhost:9200'], ca_trusted_fingerprint: ab88779ea3cafb05fec411860fe66f7dd0743dbcecbb908f1044f8b9f615259d}]
5、启动kibana 访问 界面
注:建议用elastic 用户,不要用kibana_system用户,有权限问题
6、配置logstash ,并启动
output {
elasticsearch {
hosts => ["https://127.0.0.1:9200"]
index => "logstash-%{+YYYY.MM.dd}"
ssl => true
cacert => "elasticsearch-8.14.3\config\certs\http_ca.crt"
user => "elastic"
password => "123456"
}
stdout {
codec => rubydebug
}
}
附:kibana 启用https
7.1、生成 Kibana 的服务器证书和密钥(如果不想麻烦可直接下载结尾证书导入使用)
# 首先生成一个私钥和证书签名请求 (CSR)
openssl genpkey -algorithm RSA -out kibana-server.key
openssl req -new -key kibana-server.key -out kibana-server.csr
在生成 CSR 的过程中,系统会提示输入一些信息,如【国家、州、省、市、组织名称、通用名称(即服务器的域名或 IP 地址)等】
7.2、使用 CSR 生成自签名证书
openssl x509 -req -days 365 -in kibana-server.csr -signkey kibana-server.key -out kibana-server.crt
上述命令生成的 kibana-server.crt 就是服务器证书,kibana-server.key 是对应的私钥。
7.3、需要一个 CA 来签署服务器证书,首先生成 CA 的私钥和自签名证书
openssl genpkey -algorithm RSA -out ca.key
openssl req -x509 -new -nodes -key ca.key -sha256 -days 1024 -out ca.pem
这里的 ca.pem 是 CA 的证书,ca.key 是 CA 的私钥
7.4、使用 CA 签署服务器证书
openssl x509 -req -in kibana-server.csr -CA ca.pem -CAkey ca.key -CAcreateserial -out kibana-server.crt -days 365 -sha256
这个步骤会生成一个由 CA 签署的 kibana-server.crt 证书。CAcreateserial 参数会生成一个序列号文件 (ca.srl)
7.5、生成客户端证书(给Metricbeat用)
openssl genpkey -algorithm RSA -out client.key
openssl req -new -key client.key -out client.csr
openssl x509 -req -in client.csr -CA ca.pem -CAkey ca.key -CAcreateserial -out client.crt -days 365 -sha256
这里的 client.key 是客户端私钥,client.crt 是由 CA 签署的客户端证书。
7.6、得到证书列表文件如下
下载:https://download.csdn.net/download/qq_30540299/89605754
7.6、配置:kibana-8.14.3\config\kibana.yml
,拷贝到 kibana-8.14.3\config\certs
server.ssl.enabled: true
server.ssl.certificate: kibana-8.14.3\config\certs\kibana-server.crt
server.ssl.key: kibana-8.14.3\config\certs\kibana-server.key